Foreword


In April 1998, Cisco Systems, Inc. announced a new professional development initiative
called the Cisco Career Certifications. These certifications address the growing worldwide
demand for more (and better) trained computer networking experts. Building
upon our highly successful Cisco Certified Internetwork Expert (CCIE) program, the
industry’s most respected networking certification vehicle, Cisco Career Certifications
enable you to be certified at various technical proficiency levels.

With Introduction to Cisco Router Configuration, Cisco Press presents Cisco’s most
popular instructor-led certification preparation course as a single-volume book.
Introduction to Cisco Router Configuration is not intended to replace the instructor-led
course of the same name. Instead, it supplements and reinforces topics presented in the
course.

Cisco and Cisco Press together present this material in a text-based format in order to
provide another learning vehicle for our customers and the broader user community in
general. Although a publication cannot replace the instructor-led environment, we must
acknowledge that not everyone responds in the same way to the same delivery mechanism.
It is our intent that presenting this material via a Cisco Press publication will
enhance the transfer of knowledge to our audience of networking professionals.

This is the first of many course supplements planned for Cisco Press. Cisco will present
existing and future courses through these coursebooks to help achieve Cisco Worldwide
Training’s principal objectives: to educate Cisco’s community of networking professionals
and to enable that community to build and maintain reliable, scalable networks. The
Cisco Career Certifications and classes that define these certifications are directed at
meeting these objectives through a disciplined approach to progressive certification.
The books Cisco creates in partnership with Cisco Press will meet the same standards
for content quality demanded of our courses and certifications.

It is our intent that you will find this and subsequent Cisco Press certification and training
publications of value as you build your networking knowledge base.


Thomas M. Kelly 

Director, Worldwide Training 
Cisco Systems, Inc. 
August 1998 
Introduction


As today's internetworks grow and expand to support multiple sites, protocols,
and operating systems, the interconnecting devices are the critical elements along
the data path. Understanding these devices and how to configure them and integrate
them into efficient, reliable network designs is essential to anyone supporting
network communications. Cisco Systems, the premier designer and provider
of internetworking devices, is committed to supporting network administrators,
designers, and builders in the use of its products.

The content, organization, and goals of this book are based on Cisco’s highly successful
“Introduction to Cisco Router Configuration” course. As such, the book
provides a comprehensive introduction to internetworking LANs and WANs
using Cisco routers. Technical background and functionality specifications for the
most popular internetworking protocols today, including TCP/IP, Novell IPX, and
AppleTalk networks, are covered. In addition, the book surveys wide-area networking
(WAN) techniques. Throughout, important general principles are balanced
with configuration specifics for Cisco routers.

Many configuration examples are included to demonstrate management and troubleshooting
techniques for internetworking communications. If you are using this
book as a study aid in preparing for one of Cisco’s certification exams, you will
find the end-of-chapter tests useful. The tests are designed to help you evaluate
your understanding of the concepts contained in the chapter and your ability to
apply the configuration techniques available for Cisco routers. Chapters also contain
sidebars in the form of Tips, Cautions, and Key Concepts to help emphasize
critical details.

A follow-up title, Advanced Cisco Router Configurations (Cisco Press), provides more
advanced details on traffic management and router configurations.

Who Should Read This Book 

This book contains a broad range of technical details on routing models, processes, and
design; it can be used as a general reference for anyone designing, implementing, or supporting
an internetwork with TCP/IP, IPX/SPX, AppleTalk, SNA, DECnet and Banyan VINES
protocols. If you anticipate taking one or more of the Cisco certification exams, particularly
the Cisco Certified Network Associate (CCNA) exam, this book is a logical starting point.

Even if you’re not using Cisco routers, this book can increase your understanding of the 
underlying technologies affecting network communications and security. 

Part 1: Introduction to Internetworking 

Part 1 provides the foundation of knowledge required to build and configure a multiprotocol
network. It examines the various layers of functionality and introduces the
startup sequences and configuration options for Cisco router products.

Chapter 1, “The Internetworking Model,” introduces concepts that enable us to move
from local to global internetworks. The chapter provides an introduction to the communication
processes seen in local, national, and international/global LANs and
WANs. You’ll learn how the data is built, packaged for end-to-end transport, addressed
for internetwork routing, and addressed for local transit.

Chapter 2, “Applications and Upper Layers,” focuses on the connection-oriented and
connectionless communications defined by the transport layer of the OSI model. It also
examines higher layer functions such as text and data formatting and conversion; image
conversion; and sound and video conversion. Flow control and congestion avoidance
mechanisms are also covered.

Chapter 3, “Physical and Data Link Layers,” focuses on the functionality supported by
internetworking routers. You’ll learn the difference between the Media Access Control 
(MAC) and Logical Link Control (LLC) sublayers of the data link layer. You’ll learn the 
basic functionality and specifications defined for Ethernet/802.3, Token Ring/802.5, 
and FDDI networks. This chapter also introduces various WAN technologies including 
SDLC, HDLC, LAPB, Frame Relay, PPP, X.25, and ISDN communications. 

Chapter 4, “Network Layer and Path Determination,” focuses on the layer that defines
router functionality and compares routing technologies available for TCP/IP, IPX/SPX,
and AppleTalk networks. The chapter describes routing problems such as routing loops
and the count-to-infinity problem, as well as the available solutions, such as split horizon,
poison reverse, hold-down timers, and triggered updates. Link state, distance vector, and
hybrid routing protocols are introduced and compared.

Chapter 5, “Basic Router Operations,” delves into the Cisco-specific procedures
required to start up and configure a router using a console port, auxiliary port, virtual 
terminals, or TFTP server. This chapter surveys the methods a Cisco router uses to 
obtain its routing configurations, including RAM/DRAM, NVRAM, Flash and ROM 
memory. The process of changing router modes from user EXEC to privileged EXEC 
mode is also described. The chapter concludes with coverage of how to view the router 
startup, interface, and protocol status. 

Chapter 6, “Configuring a Router,” examines the process of loading configuration files
and changing router modes. This chapter examines password configurations as well as
the steps used to configure an interface, shut down an interface, and verify configuration
changes. Finally, you’ll look at how to manage the configuration environment
through backup images and setup modes.

Chapter 7, “Discovering and Accessing Other Cisco Routers,” focuses on Cisco Discovery
Protocol (CDP) and its ability to discover other Cisco routers. You’ll look at how
to use CDP on a local or neighboring router.

Part 2: Networking Protocol Suites 

Part 2 details the most popular internetworking protocols: TCP/IP, Novell IPX, and 
AppleTalk. In this section, you’ll examine the addressing system, service discovery, and 
routing techniques used by each of these protocol suites. 

Chapter 8, “TCP/IP Overview,” defines the elements in the TCP/IP stack with particular
emphasis on the network and transport layer protocols, Internet Protocol (IP), User Datagram
Protocol (UDP), and Transmission Control Protocol (TCP). Related elements of
the TCP/IP suites, such as Address Resolution Protocol (ARP) and Internet Control Message
Protocol (ICMP), are also discussed since routers typically support these elements.

Chapter 9, “IP Addressing,” lays the groundwork for IP addresses that use standard 
class-based default masks and various subnet masking techniques. Examples deal with 
how to plan a Class B or Class C internetwork considering future network expansion 
and the current limitations of a class-based addressing scheme. This chapter also 
focuses on general and directed broadcasts as defined by the IP address format used. 
Finally, the chapter illustrates how to use simple and extended ping techniques to test 
communications between TCP/IP devices. 

Chapter 10, “IP Routing Configuration,” explains how IP routers learn of network destinations
and assign a distance to each network. The chapter introduces and compares
the RIP and IGRP routing protocols, and provides configuration examples of each. General
elements of interior and exterior routing protocols are also compared in this chapter.
lines that the terminals used to communicate with the centralized host. This networking
technology enabled users to access shared centralized data and printer resources. 

IBM computers with Systems Network Architecture (SNA) networks and non-IBM
computers with X.25 public data networks are typical examples of this type of environment.
Figure 1-1 illustrates a simple host-based communication environment.
On a single computer, accessing resources, running programs, and copying files are relatively
straightforward tasks. The computer must identify the requesting user and the
desired destination device or program and then coordinate access between them. The single
computer in this scenario is the master of all resources and thus can easily manage
and coordinate them.

In a network, even one consisting of only two computers, coordinating resources
becomes much more complex. Transferring information requires addressing, error
detection, error correction, synchronization, and transmission coordination, among
other things.




1970s and 1980s: Networks 

The introduction of PCs revolutionized traditional communication and computer networks.
Initially, PCs were standalone devices that put processing capabilities and ample
memory on each user’s desktop. As businesses realized the flexibility and power of these
devices, their use increased.

However, some network resources—such as printers and hard disks for memory-intensive 
applications—were not cost-efficient for every desktop. LANs (local-area networks) 
evolved primarily to enable sharing of such expensive resources. As such, LANs permitted 
the combination of the best characteristics of standalone PCs and centralized computing. 

The strategic importance of interconnected networks was quickly realized. Organizations
began to move toward linking previously isolated LANs, as shown in Figure 1--
Interconnected networks provided the basis for enterprise-wide applications such as
e-mail and file transfer. These applications in turn increased overall productivity and
competitiveness.
In addition to PCs and LANs, minicomputers and shared WANs (wide-area networks)
evolved in the 1970s and 1980s. Minicomputers, often located away from the central
data center, facilitated the emergence of distributed data processing, enabling the actual
processing of information to occur outside the minicomputer on a terminal that supported
a processor and memory. The Digital Equipment Corporation VAX systems and
DECnet networking are typical of this era.
Network managers today face tremendous challenges from evolving network demands
and capabilities. This chapter opens with a brief history of how networks have evolved
and the resulting service improvements to network users. Some constants remain even
in the face of rapid network evolution, however, including design principles and the
model that networking technologies follow to enable complex devices from diverse vendors
… network. The second half of …
including a review of the International Organization for Standardization/Open Systems
Interconnect (ISO/OSI) reference model.


The Evolution of Networks 

The evolution of networks is in large measure an evolution of functions and capabilities.
Each new phase in the evolution of networking incorporates and expands on the
functionality (such as communications methods and access speeds) of the previous
phase, beginning in the 1960s and continuing to the present day.


1960s and 1970s: Centralized Processing 

In the 1960s and early 1970s, computer communication typically was organized in the
form of dumb terminals connected to a host (mainframe). The processing power and
much of the memory resided in the host as opposed to the terminals (hence the
“dumb” terminals). This centralized computing environment required low-speed access
In general, however, applications from different computing environments (such as the
mainframe environment and LAN environment) remained separate and independent
from each other. Different communication protocols were developed to support communications
between the various environments. For example, the mainframe environment
used SNA (Systems Network Architecture) as a communication method while
many LANs used Novell’s IPX/SPX (Internetwork Packet Exchange/Sequenced Packet
Exchange) and TCP/IP (Transmission Control Protocol/Internet Protocol) as communications
methods.

Both IPX/SPX and TCP/IP were designed to allow connections between multiple networks
through routers. This facilitated the growth of LANs within departments and
companies.

1980s and 1990s: Internetworks 

Internetworks tie LANs and WANs, computer systems, software, and a variety of different
devices together to form the corporate communication infrastructure. For example,
Figure 1-3 depicts a network that consists of mainframe, minicomputer, and
PC-based devices attached through a variety of media and interconnected through private
and public (Internet) WAN links. This internetwork moves information anywhere
within a corporation and to external partners and customers. By serving as the organization’s
information highway, the internetwork has become a key strategic asset and a
competitive advantage.

Routers are a key element in these internetworks because they allow (or deny) the communications
between LANs and WANs. Understanding how routers function enables
you to properly configure routers and select the routing protocol(s) most appropriate
for an internetwork.

Today’s internetworks combine a variety of devices, media types, and transmission 
methods. For many businesses, today’s networks are an ad hoc mixture of old and new 
technologies. For example, older IBM networks might operate virtually in parallel with 
the newer LAN interconnected networks, electronic commerce, and messaging systems. 
Local networks, public data networks, leased lines, and high-speed mainframe channels 
have been added to internetworks in a “just in time” approach, often with little regard 
for network design, management, and overall efficiency. As applications migrated from 
central hosts to distributed servers, they caused changes in traffic patterns. 

The approach to computer communication in most organizations is changing rapidly in 
response to new technologies, evolving business requirements, and the need for 
instant knowledge transfer. To meet these requirements, the internetwork, whatever 
form it takes, must be flexible, scalable, and adaptable to suit any organizational level 
(branch, regional, headquarters). It also must be thoughtfully designed to reflect the 
Key Concept: Internetworking removes barriers associated with the physical network
connections, hardware platforms, or software.


1990s: Global Internetworking 

The biggest pressure on networks in the immediate future is the globalization of business,
and the support of applications required to conduct business internally and with
customers and clients around the world. It is not unusual now to find that a company
requires over 100 applications to function in a global internetwork.

Studies show that networks increasingly require more bandwidth to support these added 
applications and internetwork connections. Networks will need to meet these demands 
as well as provide low delay, bandwidth on demand, and other new services. New 
devices will take their place alongside the router as additional network tools. Current 


expected network traffic patterns. Network engineers and administrators must know 
and understand how data packets are routed through a network to ensure that the most 
efficient interconnection system is put in place to handle the demands of today’s rapidly
growing networks. 
Figure 1-4

The following are characteristics of global networks:

• Increasing use of graphics and imaging

• Larger files 

• Larger programs 

• Client/server computing 

• Bursty network traffic 
Global internetworking will provide an environment for emerging applications that will
require even greater amounts of bandwidth. Many of these applications are driven by 
the evolution of multimedia requirements that have a high-definition image, full-motion 
video, or a digitized audio component. 


Network Types and Devices 

Today’s global internetworks can be categorized in three distinct types:

• Local-area networks (LANs)

• Wide-area networks (WANs)

• Enterprise networks

Each network type uses a different set of internetworking devices. Although this book 
is primarily concerned with routers, you need to be familiar with the other devices that 
each internetwork type uses, and you need to understand how those devices relate to 
routers and how their traffic may or may not be routed through an internetwork. 


Local-Area Networks (LANs) 

Local-area networks (LANs) are designed to operate within a limited geographic area 
and allow multiple users to simultaneously access high-bandwidth media. Typically, 
LANs connect physically adjacent devices and are controlled privately by local 
administration. 

The major characteristics of LANs are: 


• The network operates within a building or floor of a building. As increasingly 
powerful LAN desktop devices run more powerful applications, the trend is to 
reduce the size of individual LANs and connect smaller LANs together using 
routers. 


• LANs provide multiple connected desktop devices (usually PCs) with access to 
high-bandwidth media. 

• An enterprise purchases the media and connections used in the LAN; the enterprise
can privately control the LAN as it chooses.

• Local services are usually available; LANs rarely shut down or restrict access 
to connected workstations. 
Figure 1-5 shows a sample LAN that consists of two connected networks (network A
and network B). This LAN connects physically adjacent devices on the media. 


Figure 1-5 
• Switches that connect LAN segments and devices and help filter traffic. (Bridges
that used to provide connectivity between segments have been largely replaced
by switches that can connect to segments as well as directly to the desktops.)

• Hubs that concentrate LAN connections and allow use of twisted-pair copper
media

• Workgroup concentrators that deliver 100-Mbps service over fiber or copper 
cabling 

• Ethernet and Token Ring switches that offer full-duplex, dedicated bandwidth 
to segments or desktops 

• Routers that offer many services, including internetworking and broadcast 
control 

• Asynchronous Transfer Mode (ATM) switches that provide high-speed cell 
switching 


Wide-Area Networks (WANs) 

WANs are designed to operate between a large mixture of telecommunications carriers 
and typically allow access over serial interfaces operating at lower speeds. WANs can 
be designed to provide part-time (dial-on-demand) or full-time connectivity over wide, 
even global, areas. 


The major characteristics of WANs are: 

• The network operates beyond the local LAN’s geographic scope. It uses the
services of carriers such as Regional Bell Operating Companies (RBOCs),
Sprint, and MCI.

• WANs use serial connections of various types to access bandwidth over
wide-area geographies.

• An enterprise pays the carrier or service provider for connections used in the
WAN; the enterprise can choose which services it uses. Carriers are usually
regulated by tariffs.

• WANs rarely shut down, but because the enterprise must pay for services used,
it might restrict access to connected workstations. Not all WAN services are
available in all locations.

Figure 1-6 shows a sample WAN that connects LANs located in different cities. This
WAN connects physically remote devices through an ISDN network. For example, the
WAN permits users in the remote office to access the servers …
the corporate headquarters.
WAN devices include:

• Routers that offer many services, including internetworking and WAN
interface controls

• Switches that connect to WAN bandwidth for X.25, Frame Relay, and voice,
data, and video communication. These WAN switches can share bandwidth
among allocated service priorities, recover from outages, and provide network
design and management systems

• Modems that interface voice-grade services; channel service units/digital
service units (CSU/DSU) that interface T1/E1 services; Terminal Adapters/Network
Termination 1 (TA/NT1) that interface Integrated Services Digital
Network (ISDN) services

• Access servers that concentrate analog (or modem) dial-in and dial-out user
communication and provide other services, such as protocol translation
between Telnet and X.25 protocol assembler (PAD)

• Multiplexers that share a WAN facility among several demand channels 

• ATM switches that provide high-speed cell switching 


Enterprise Networks 

The enterprise is a corporation, agency, service provider, or other organization that ties
together its data, communication, computing, and storage resources. An enterprise network
usually contains a hybrid of both private and public network elements. Any or all
of the LAN and WAN devices described so far can be found on the enterprise network.

Developments on the enterprise network include: 

• LANs interconnected to provide client/server applications integrated with the
traditional legacy applications from mainframe data centers

• End-user needs for higher bandwidth on the LANs, which can be consolidated
at a switch and delivered on dedicated media

• Integration of formerly separate networks so the nonbursty traffic from voice 
and video applications coexists on a single network 

• Relaying technologies for WAN service, with very rapid growth in Frame Relay 
and more gradual growth of cell relay (for example, ATM) 


Cisco was the first company to offer a set of products to accommodate an entire enterprise
network—that is, a set of products that work from the desktop all the way to the
central office switch of the telecommunications carriers. The company’s products have
always supported the LAN aspects of the enterprise. With its acquisition of StrataCom,
Cisco has added the missing pieces that work inside the WAN cloud.

Network Design Goals 

Regardless of whether it is local-area, wide-area, or enterprise-level, a network is just a 
collection of hardware and software. As mentioned earlier, the global networks of the 
present and future must be designed to meet the unique needs of the organizations they 
support. The role of a network manager is to create and refine that master design. In 
doing so, the manager must satisfy four major design goals: 

• Connectivity —The internetwork must serve those in the organization who 
depend on it. Regardless of the range of media attachments, transmission 
speeds, and other technical details, the network design connects previously 
separate resources. 

• Reliable performance —The organization becomes increasingly dependent on
its internetworking tools, including the operator interface, the ability to distribute
network software updates, utilities to log and monitor performance,
redundant and backup operations, and the functions to secure access to resources.
Building reliability into the network is critical to ensuring that the organization
can operate competitively.

• Management control —An internetwork provides crucial functions; it also
expends critical resources. Administrators continually ask how they can
improve management controls through tasks such as performance measurement
and analysis, resource usage, trouble-ticketing, utilization requirements,
and security reporting. After the network is designed and operational, troubleshooting
tasks follow.

• Scalability —Various pressures put on networks mean that flexibility is an 
important design goal. For example, expansion and consolidation of networks 
require overcoming physical or geographic boundaries. Also, as enterprises 
seek ways to provide new services and products to a network-accessible, global 
economy, they will require new or different network applications. Networks 
must be designed to be scalable—that is, to anticipate future demands and to 
evolve in a smooth, cost-efficient manner. 
The Layered Model

For a complex, multivendor internetwork to operate, its devices must be able to communicate
with each other. The networking industry uses a model—the OSI model—that
provides guidelines for that communication. This section explains the concept of data
encapsulation and demonstrates how data is encapsulated as it travels down the layers
of the OSI model.

Routing functions occur at the network layer of the OSI model, so the network layer is 
particularly important in this book. However, all the layers of the model are overviewed 
here (and covered more extensively in later chapters) because you need to have a general 
understanding of the hierarchy of processes that define network operation. 

Why Use a Layered Model? 

Most communication environments separate the communication functions from application
processing. This separation of networking functions is called layering. For the
OSI model, shown in Figure 1-7, seven numbered layers indicate distinct functions.



Figure 1-7 
As another example, the distinct functions of the Transmission Control Protocol/Internet
Protocol (TCP/IP) fit into five named layers defined by the Department of Defense
(DoD) five-layer model. Regardless of the number of layers, there are several reasons
for dividing network functions:

• To divide the interrelated aspects of network operation into less complex 
elements 

• To define standard interfaces for “plug-and-play” compatibility and multivendor
integration

• To enable engineers to specialize design and development efforts on modular
functions enabling new applications and services to be deployed without redesigning
each lower layer

• To promote symmetry in the different internetwork modular functions so they 
interoperate 

• To prevent changes in one area from affecting other areas so each area can 
evolve more quickly 

• To divide the complexity of internetworking into discrete, more easily learned 
operation subsets 

Key Concept: A layered model provides a framework for, but does not define, an
internetworking application or protocol. That is, applications and protocols do not
conform directly to the OSI reference model, but they do conform to the standards
developed from the OSI reference model principles.

Vendors use the definitions of the layered functions in the OSI model as guidelines in
designing their network products. In examining each of the functions, the following sections
use NFS (Network File System) as a sample application to apply to some of the
model layers. NFS provides a distributed approach to UNIX file system access.

Application Layer 

The application layer provides network services to user applications. For example, the 
NFS user interface can be mapped to this layer of the model. 


Presentation Layer 

The presentation layer provides data representation and code formatting. It ensures that
the data that arrives from the network can be used by the application, and it ensures
that information sent by the application can be transmitted on the network. Examples
Peer-to-Peer Communications

Each layer of a transmitting system uses its own protocol to communicate with its peer
layer in the receiving system. Each layer’s protocol exchanges information, called protocol
data units (PDUs), between peer layers. A given layer can use a more specific name
for its PDU.

For example, in TCP/IP, the transport layer of TCP communicates with the peer TCP
function using segments, as shown in Figure 1-8.

This peer-layer protocol communication is achieved by using the services of the layers
below the communicating layer. The layer below any given layer provides its services to 
that layer. Each lower-layer service takes upper-layer information as part of the 
lower-layer PDUs it exchanges with its layer peer. 

Thus, the TCP segments become part of the network-layer packets (also called datagrams)
exchanged between IP peers. In turn, the IP packets must become part of the
data-link frames exchanged between directly connected devices. Ultimately, these
frames must become bits as the data is finally transmitted by the physical-layer protocol
using hardware.

Data Encapsulation and Headers

Each layer of the OSI model depends on the service function of the layer below it. To 
provide service, the lower layer uses encapsulation to put the PDU from the upper layer 
into its data field; then the lower layer can add whatever headers and trailers it will use 
to perform its function. Figure 1-9 shows the headers added by each layer. If you have 
the chance to use an analyzer on your network, you can see the headers embedded in 
the packet. 


Figure 1-9

The data link layer in turn provides a service to the network layer. It encapsulates the
network-layer information in a frame. The frame header contains information required 
to complete the data-link functions. For example, the frame header contains physical 
addresses. 

The physical layer also provides a service to the data link layer. This service includes 
encoding the data-link frame into a pattern of ones and zeros for transmission on the 
medium (usually a wire). 

As internetworks perform services for users, the flow and packaging of the information 
changes. Beginning at the transport level, five encapsulation steps occur: 

1. Build the data.

2. Package data for end-to-end transport.

3. Append network address in header.

4. Append local address in data-link header.

5. Convert to bits for transmission.



Examine each of these steps to see how the data is affected as it is prepared for
transmission. As an example, suppose that a Netscape client is browsing a Web server as
shown in Figure 1-10. This Web browsing operation requires the use of HTTP (Hypertext
Transport Protocol) between the hosts.

Step 1: Build the Data

The user makes a request to open a specific page by sending the URL (Uniform Resource
Locator) to the Web-serving host daemon process. The request, including the URL, is
converted to data that can traverse the internetwork.

Step 2: Package Data for End-to-End Transport

The data is packaged for the transport subsystem. A transport-layer header is appended 
to the beginning of the data. In this example, the header is a TCP header, and it indicates 
that the data is directed to an HTTP server process. 


Step 3: Append Network Address in Header 

The data is put into a packet or datagram so the transport function can direct it over
the internetwork. The packet includes a network header with source and destination 
logical addresses (for example, IP addresses). These addresses help network devices 
send the packets across the network along a chosen path. 

In the example shown in Figure 1-10, the network layer header would be an IP header
containing the Netscape user's IP address (the source address) and the HTTP server's IP
address (the destination address). 

Step 4: Append Local Address in Data-Link Header 

Each network device must put the packet into a frame so the device can communicate
over the local interface to another specific interface on the network. The frame allows
connection to the next directly connected network device on the link. The frame type
must match the data-link type. For example, if your data is sent on an Ethernet network
using the Ethernet II frame type, the network packet is placed inside an Ethernet II
frame.

In the example shown in Figure 1-10, the HTTP request will be addressed to the local 
router in an Ethernet II frame. 

Step 5: Convert to Bits for Transmission 

The frame is then converted into a pattern of ones and zeros for transmission on the
medium (usually a wire). Some clocking function enables the devices to distinguish
between these "1" and "0" bits as they traverse the medium.

The medium on the physical internetwork can vary along the path used. For example,
the HTTP request can originate on a LAN, cross a campus backbone, go out a
low-speed WAN link, and use a higher-speed WAN link until it reaches its destination
on another remote LAN.
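The five steps above, carried through in code as an added example that is not part of the book: it builds the HTTP request, wraps it in TCP, IP, and Ethernet II headers, converts the frame to bits, and then reverses the process the way a receiver or protocol analyzer does, checking each layer's header before passing data up. The IP addresses, MAC addresses, port 1028, and all function names are assumptions made for the illustration.

```python
import socket
import struct

# Constructed sample values (assumptions, not from the book): documentation-range
# IP addresses, and MAC addresses built on vendor codes the text lists elsewhere.
CLIENT_IP, SERVER_IP = "192.0.2.10", "198.51.100.80"
CLIENT_MAC, ROUTER_MAC = "08-00-20-12-34-56", "00-00-0c-12-34-56"
TCP_FMT, IP_FMT = "!HHIIHHHH", "!BBHHHBBH4s4s"


def checksum16(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """Addresses, protocol 6 and length, which the TCP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, tcp_len))


def build_data(path: str) -> bytes:
    """Step 1: the request for a URL becomes application data."""
    return f"GET {path} HTTP/1.0\r\n\r\n".encode("ascii")


def build_segment(data: bytes, src_port: int, dst_port: int) -> bytes:
    """Step 2: prepend a TCP header; the destination port names the server process."""
    # seq=1, ack=0, header length 5 words with PSH+ACK, window 8192, checksum, urgent
    fields = [src_port, dst_port, 1, 0, (5 << 12) | 0x18, 8192, 0, 0]
    header = struct.pack(TCP_FMT, *fields)
    pseudo = pseudo_header(CLIENT_IP, SERVER_IP, len(header) + len(data))
    fields[6] = checksum16(pseudo + header + data)
    return struct.pack(TCP_FMT, *fields) + data


def build_packet(segment: bytes) -> bytes:
    """Step 3: prepend an IP header carrying source and destination logical addresses."""
    def header(csum: int) -> bytes:
        return struct.pack(IP_FMT, 0x45, 0, 20 + len(segment), 1, 0, 64, 6, csum,
                           socket.inet_aton(CLIENT_IP), socket.inet_aton(SERVER_IP))
    return header(checksum16(header(0))) + segment


def build_frame(packet: bytes) -> bytes:
    """Step 4: prepend an Ethernet II header addressed to the local router.
    The frame check sequence trailer is left to the adapter and omitted here."""
    def mac(text: str) -> bytes:
        return bytes.fromhex(text.replace("-", ""))
    return mac(ROUTER_MAC) + mac(CLIENT_MAC) + struct.pack("!H", 0x0800) + packet


def to_bits(frame: bytes) -> str:
    """Step 5: the frame as the pattern of ones and zeros put on the medium."""
    return "".join(f"{byte:08b}" for byte in frame)


def encapsulate(path: str = "/index.html") -> bytes:
    return build_frame(build_packet(build_segment(build_data(path), 1028, 80)))


def decapsulate(frame: bytes) -> dict:
    """Receiver side: strip one header per layer, validating each before going up."""
    if len(frame) < 54:
        raise ValueError("frame too short for Ethernet + IP + TCP headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("frame does not carry IPv4")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or checksum16(packet[:ihl]) != 0:
        raise ValueError("bad IP header")
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    if proto != 6 or not ihl + 20 <= total_len <= len(packet):
        raise ValueError("not a complete TCP segment")
    src_ip, dst_ip = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    segment = packet[ihl:total_len]
    if checksum16(pseudo_header(src_ip, dst_ip, len(segment)) + segment) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {
        "dst_mac": frame[0:6].hex("-"), "src_mac": frame[6:12].hex("-"),
        "src_ip": src_ip, "dst_ip": dst_ip,
        "src_port": src_port, "dst_port": dst_port,
        "data": segment[data_offset:],
    }


if __name__ == "__main__":
    frame = encapsulate()
    print(len(frame), "bytes in the frame,", len(to_bits(frame)), "bits on the medium")
    print(decapsulate(frame))
```

Each header is 14, 20, and 20 bytes in this example, so the 28-byte request leaves the host as an 82-byte frame; a single flipped bit anywhere in the TCP segment makes `decapsulate` reject it.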




Summary 

Now that you have a basic understanding of the way protocols at different layers of the 
OSI reference model interact, the next chapter delves more deeply into the upper four 
layers of the model. In particular, Chapter 2, “Applications and Upper Layers,” focuses
on the transport layer, because routers are sometimes involved in transport layer
functions.

Keep in mind the design criteria introduced in this chapter: connectivity, reliability, 
management control, and scalability. These principles of design inform the protocols, 
processes, and functions of networking you will read about in subsequent chapters. 
Also keep in mind the pressures that globalization and evolving functions put on the 
task of contemporary network design. 
Chapter One Test
The Internetworking Model

Estimated Time: 15 minutes

Complete all the exercises to test your knowledge of the materials contained in this 
chapter. Answers are listed in Appendix A, “Chapter Test Answer Key.” 

Question 1.1 


Define the three types of networks that make up today’s global internetworks: 




Question 1.2 

What are the seven layers of the OSI model? 

Layer 7:_ 

Layer 6:_ 

Layer 5:_ 

Layer 4:_ 

Layer 3:_ 

Layer 2:_ 

Layer 1:_ 
Question 1.3

How can data be defined when it is at the network layer? (Choose two.) 

[a] segments 

[b] packets

[c] bits

[d] datagrams

[e] frames 

Question 1.4 

Which of the following statements accurately describes the functions defined by the
network layer of the OSI model?

[a] defines data representation and code formatting

[b] sends/receives binary information using device interfaces

[c] defines network addressing and determines the best path through an internetwork

[d] synchronizes communications between applications on different hosts

Question 1.5

Which line correctly represents the steps of converting data to bits for transmission?

[a] data, segments, frames, datagrams, bits 

[b] data, frames, segments, bits 

[c] data, packets, frames, datagrams, bits 

[d] data, segments, packets, frames, bits 







Applications and Upper Layers


This chapter discusses the upper four layers of the OSI reference model—application,
presentation, session, and transport—with particular emphasis on the transport layer. 
Although these layers are not directly related to routing, understanding their interaction 
with and relationship to one another will help you understand important basic facets of 
network behavior. Understanding the transport layer is of particular importance 
because routers may be involved in transport layer functions at times. 


Application Layer 


The application layer (Layer 7) of the OSI model supports the communicating
component of an application. The term application in this sense does not refer to computer
applications—such as word processing, presentation graphics, spreadsheets,
databases—but rather to network applications. Examples of network applications include:




• File transfer 

• Electronic mail 

• Remote access 

• Client/Server processes 

• Information location 

• Network management 




Computer applications do not have knowledge of an underlying network and, therefore,
cannot use the network directly. Rather, a computer application, such as a word
processing program, can incorporate a network application, such as a file transfer
component, that allows a document to be transferred electronically over telecommunication
facilities. This file transfer component qualifies the word processor as an application in
the OSI context and belongs in Layer 7 of the OSI reference model.

Many of the network applications offer services for enterprise communication.
However, networking needs in the 1990s and beyond often extend beyond the enterprise.
Information exchanges and commerce between enterprises increasingly involve
internetworking applications such as those shown in Figure 2-1.


Figure 2-1: When computer applications use both network and internetwork application
components, they become internetwork enterprise applications.

Computer Applications: Word Processing, Presentation Graphics, Spreadsheet, Database,
Design/Manufacturing, Project Planning, Others

Network Applications: Electronic Mail, File Transfer, Remote Access, Client Server
Process, Information Location, Network Management, Others

Internetwork Applications: Electronic Data Interchange, World Wide Web, E-Mail
Gateways, Special-Interest Bulletin Boards, Financial Transaction Services, Internet
Navigation Utilities, Conferencing (Video, Voice, Data), Others


Internetwork application components include: 

• Electronic data interchange (EDI) offers specialized standards and processes to
improve the flow of orders, shipments, inventories, and accounting information
between businesses.

• The World Wide Web links thousands of servers using a variety of formats
including text, graphics, video, and sound. Browsers such as Internet Explorer
and Netscape Navigator simplify access and viewing.

• The e-mail gateways might use the X.400 standard or Simple Mail Transfer
Protocol (SMTP) to pass messages between different e-mail applications.

• Thousands of special-interest bulletin boards connect people who can chat
with each other, post messages, and share public-domain software.

• Transaction services aimed at the financial community obtain and sell information
including investment, market, commodity, currency, and credit data to
subscribers.

• Special-purpose applications such as Gopher, Fetch, and Wide Area Information
Server (WAIS) help navigate the way to resources on the Internet.

• People located in different regions use conferencing applications to communicate
via live and prefilmed video, voice, data, and fax exchange.

Presentation Layer 

The presentation layer provides code formatting and conversion services. Code
formatting ensures that applications have meaningful information to process. If necessary, the
presentation layer translates between multiple data representation formats for text,
data, audio, video, and graphics, as shown in Figure 2-2.

Figure 2-2: The presentation layer handles conversion and formatting for text, graphics,
video, and audio elements.


Text and Data Formatting and Conversion 

The presentation layer deals not only with the format and representation of actual user 
data, but also with data structure used by programs. Therefore, the presentation layer 
negotiates data transfer syntax for the application layer. 

For example, the presentation layer is responsible for syntax conversion between
systems that have differing text and data character representations, such as EBCDIC and
ASCII. Another example of a presentation environment is Hypertext Markup Language 
(HTML), which describes how multimedia used on the Web should appear when 
viewed by a browser such as Internet Explorer and Netscape Navigator. 

Presentation-layer functions also include data encryption. Processes and codes convert 
data so that the data can be transmitted with its information content protected from 
unauthorized receivers. Other routines compress text or convert graphics images into
bitstreams for transmission across a network.

Graphics Formatting and Conversion

Graphics formats include PICT, a picture format used to transfer QuickDraw graphics
between Macintosh or PowerPC programs; Tagged Image File Format (TIFF), a
standard graphics format for high-resolution, bitmapped images; and JPEG, a picture
format standard defined by the Joint Photographic Experts Group.


Audio and Video Formatting and Conversion 

For audio and video, presentation layer standards include Musical Instrument Digital 
Interface (MIDI) for digitized music. Acceptance is growing for the Motion Picture
Experts Group (MPEG) standard for compression and coding of motion video for
CDs, digital storage, and bit rates up to 1.5 Mbps. QuickTime handles audio and video
for Macintosh or PowerPC programs.


Session Layer 

The session layer establishes, manages, and terminates communication sessions
between applications. Essentially, the session layer coordinates service requests and 
responses that occur when applications communicate between different hosts. 

For example, the session layer might set the exchange to be full or half duplex, define 
and group formatted data, and offer some session recovery or checkpoint mechanism 
between the applications coordinated between the hosts. 

Figure 2-3 depicts a communication between two different hosts. The session layer has 
set the exchange to be half duplex (single request, single reply) and includes a
checkpoint (session number) to ensure the transactions are matched between requests and
replies. 


Figure 2-3

The following are examples of session-layer protocols and interfaces:

• Structured Query Language (SQL)— Database language developed by IBM to 
give users an easier way to specify their information needs on local and remote 
systems. 

• Remote Procedure Call (RPC) —General redirection mechanism for distributed 
service environments. RPC procedures are built on clients and then executed 
on servers. 

• AppleTalk Session Protocol (ASP) —Establishes and maintains sessions between 
an AppleTalk client and a server. 

• Digital Network Architecture Session Control Protocol (DNA SCP)— DECnet 
session-layer protocol. 

Transport Layer 

The transport layer defines end-to-end connectivity between host applications.
Transport services include four basic functions:

• Segment upper-layer applications —Transport services can segment and
reassemble several upper-layer applications onto the same transport-layer data
stream.

• Establish end-to-end operations —This transport-layer data stream provides
end-to-end transport services. It constitutes a logical connection between the
endpoints of the internetwork: the originating or sender host and the
destination or receiving host.

• Send segments from one end host to another end host —As the transport layer
sends its segments, it can also ensure data integrity through the use of checksum
calculations on the data and provide flow control mechanisms. Flow control
avoids the problem of a host at one side of the connection overflowing the
buffers in the host at the other side. Overflows can cause lost data.

• Ensure data reliability (optional) —Transport services also allow users to
request reliable data transport between communicating end systems. Reliable
transport guarantees that a stream of data sent from one machine will be
delivered through a functioning data link to another machine without
duplication of data or data loss. Data reliability may also ensure that data is received
in the same order in which it was sent. A connection-oriented relationship
between the communicating end systems is required for reliable transport.
Connection-oriented sessions are discussed in more detail later in this chapter.

The following sections examine the transport-layer technologies available for
controlling and optimizing communications.

Multiplexing 

Multiplexing refers to the capability of multiple applications to share a transport
connection. One reason for different layers in the OSI reference model is to accommodate
multiplexing.

Transport functionality is accomplished segment by segment. Each segment is
autonomous. Different applications can send successive segments on a first-come, first-served
basis. These segments can be intended for the same destination host or many different
destination hosts.

Software in the source machine must set the necessary port number for each software
application before transmission, as illustrated in Figure 2-4. When sending a message,
the source computer includes extra bits that encode the message type, originating
program, and protocols used. Each software application that sends a data stream segment
uses the same previously defined port number.


Figure 2-4 

Transport 
When the destination computer receives the data stream, it can separate the individual
segments and reassemble each application’s segments. This process allows the transport 
layer to pass the data up to its destination peer application. 
TCP uses port numbers to multiplex from the transport layer to the application layer.
These port numbers, listed in RFC 1700, have assigned ranges. Port numbers 1 to 1023
are called well-known port numbers and are reserved for particular protocols. For
example, if the graphics file transfer is FTP, the initial application port value uses 21; the
terminal session Telnet uses port 23. Table 2-1 shows defined port numbers for some of
the commonly used protocols.

Number      Protocol
Port 20     File Transfer Protocol [Default Data]
Port 21     File Transfer Protocol [Control]
Port 23     Telnet
Port 25     Simple Mail Transfer Protocol
Port 53     Domain Name Server
Port 67     Bootstrap/DHCP Protocol Server
Port 68     Bootstrap/DHCP Protocol Client
Port 69     Trivial File Transfer Protocol
Port 70     Gopher
Port 80     World Wide Web HTTP
Port 119    Network News Transfer Protocol
Port 123    Network Time Protocol
Port 161    SNMP
Port 162    SNMP TRAP
Port 179    Border Gateway Protocol

Port numbers in the range 1024 to 65,535 can be registered for convenience but are not 
assigned exclusively to one protocol; they can and often do have local significance. 

Other protocol suites, such as NetWare's IPX/SPX protocol suite, have similar
definitions (although they use the term sockets).

Connection-Oriented Sessions 

To use the reliable transport services, two users of the transport layer must establish a 
connection-oriented session with each other. In essence, one machine places a call that 
must be accepted by the other. 

For data transfer to begin, both the sending and receiving application programs inform
their respective operating systems that a connection will be initiated. Protocol software
modules in the two operating systems communicate by sending messages across the
network to synchronize connection parameters, verify that the transfer is authorized, and


Table 2-1: TCP defined port number

Figure 2-5

it. Second, if many computers simultaneously need to send datagrams through a single
gateway or to a single destination, that gateway or destination can experience
congestion, even though no single source caused the problem.

When datagrams arrive too quickly for a host or gateway to process, they are stored in 
memory temporarily. If the datagrams are part of a small burst, this buffering solves the 
problem. If the traffic continues, the host or gateway eventually exhausts its memory 
and must discard additional datagrams that arrive. In this case, the host or gateway 
becomes the communications bottleneck. 

Instead of allowing data to be lost, the transport function can, in a connection-oriented 
session, issue a "not ready" indicator to the sender, as illustrated in Figure 2-6.

Figure 2-6: When the receiver's buffer space fills, it sends a message indicating that it
cannot handle more data.


Acting like a red light, this indicator signals the sender to stop sending segment traffic 
to its peer. When the peer receiver can handle additional segments, the receiver sends a 
ready transport indicator, which is like a go signal. When it receives this indicator, 
the sender can resume segment transmission. 


Flow Control with Windowing 

In the most basic form of reliable connection-oriented data transfer, data segments must
be delivered to the recipient in the same sequence that they were transmitted. The
protocol in question fails if any data segments are lost, damaged, duplicated, or received in
a different order. The basic solution is to have a recipient acknowledge the receipt of
every data segment.

If the sender has to wait for an acknowledgment after sending each segment,
throughput will be low. Because time is available after the sender finishes transmitting the data
segment and before the sender finishes processing any received acknowledgment, the 
interval is used for transmitting more data. The number of data segments the sender is 
allowed to have outstanding—without yet receiving an acknowledgment—is known as 
the window. 

Windowing is a method to control the amount of information transferred end-to-end. 
TCP/IP uses a Window field in the TCP header to indicate the buffer space available for 
incoming data. When the window size equals 0 (zero), the sender must stop sending 
until it receives a packet with a non-0 window size. 

Figure 2-7 contrasts a window size of 1 with a window size of 3. With a window size 
of 1, the sender waits for an acknowledgment for every data segment transmitted. With 
a window size of 3, the sender can transmit three data segments before expecting an 
acknowledgment. 

Windowing is an end-to-end facility between sender and receiver. In Figure 2-7, the 
sender and receiver are workstations on a small network. No router intervenes in the 
windowing function between them, which is fine because there is little or no chance that 
their acknowledgments and packets will intermix as they communicate.


Figure 2-7 
Positive Acknowledgment

Positive acknowledgment with retransmission is one technique that guarantees reliable 
delivery of data streams. Positive acknowledgment requires a recipient to communicate 
with the source, sending back an acknowledgment message when it receives data. The 
sender keeps a record of each segment it sends and waits for an acknowledgment before 
sending the next segment. 

This system of waiting for an acknowledgment before sending more data is called
an expectational acknowledgment system; it is used by TCP and SPX transport layer
protocols.

The sender also starts a timer when it sends a segment, and it retransmits a segment if
the timer expires before an acknowledgment arrives.

In Figure 2-8, the sender transmits segments 1, 2, and 3. The receiver acknowledges 
receipt of the segments by requesting segment number 4. The sender, upon receiving the 
acknowledgment, sends segments 4, 5, and 6. If segment number 5 does not arrive at 
the destination, the receiver acknowledges with a request to resend segment number 5. 
The sender resends segment number 5 and must receive an acknowledgment to continue 
with the transmission of segment number 7. 



Figure 2-8

Various protocols handle retransmissions in different ways. Some protocols request
resending only the missing segment. Others may request retransmission of the entire set
of segments. As you might imagine, a protocol that requests only retransmission of
missing segments is more efficient and effective.
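A simulation of the windowing and positive-acknowledgment passages above, added here as an example that is not part of the book: it replays the exchange described for Figure 2-8 (window of 3, segment 5 lost once) under both retransmission styles the text mentions, and also models the sender's timer when a whole window is lost. The function name `transfer`, its parameters, and the round-by-round model of a window are assumptions made for the illustration.

```python
def transfer(total, window, drop_once=(), selective=True):
    """Send segments 1..total with a fixed window and expectational acknowledgments.

    drop_once  -- segment numbers lost in transit the first time they are sent
    selective  -- True: the receiver keeps out-of-order segments and the sender
                  resends only the missing one; False: the receiver discards
                  anything after a gap and the sender resends the whole window
    Returns the bursts sent, the acknowledgments received and the segment count.
    """
    if window < 1:
        raise ValueError("a window of 0 means the sender must stop sending")
    to_drop = set(drop_once)
    held = set()          # receiver: out-of-order segments kept (selective only)
    expected = 1          # receiver: next in-order segment it is waiting for
    highest_sent = 0
    bursts, acks = [], []
    timed_out = False
    while expected <= total:
        if timed_out:
            burst = bursts[-1]                    # timer expired: resend as before
        elif selective and expected <= highest_sent:
            burst = [expected]                    # resend only the missing segment
        else:
            burst = list(range(expected, min(expected + window, total + 1)))
        highest_sent = max(highest_sent, burst[-1])
        bursts.append(burst)

        arrived = False
        for seg in burst:
            if seg in to_drop:
                to_drop.discard(seg)              # lost this one time only
                continue
            arrived = True
            if seg == expected:
                expected += 1
                while expected in held:           # gap filled: release held segments
                    held.discard(expected)
                    expected += 1
            elif selective and seg > expected:
                held.add(seg)
        # The acknowledgment names the next segment the receiver expects. If the
        # whole burst was lost there is nothing to acknowledge, so the sender's
        # timer is what triggers the retransmission.
        timed_out = not arrived
        if arrived:
            acks.append(expected)
    return {"bursts": bursts, "acks": acks, "sent": sum(len(b) for b in bursts)}


if __name__ == "__main__":
    for label, mode in (("resend missing only", True), ("resend whole window", False)):
        result = transfer(total=7, window=3, drop_once={5}, selective=mode)
        print(label, result)
    print("window 1:", len(transfer(6, 1)["bursts"]), "round trips for 6 segments")
    print("window 3:", len(transfer(6, 3)["bursts"]), "round trips for 6 segments")
```

With segment 5 lost, resending only the missing segment costs 8 transmissions for 7 segments, while resending the whole window costs 9.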


Key Concept: Remember that flow control is achieved through windowing, while reliability
is achieved through error detection and retransmission.


Summary 

This chapter has focused on the upper layers of the OSI model with a particular
emphasis on the transport layer. Routing functionality is defined at the network layer of the
OSI model, which is discussed in more detail in Chapter 4, “Network Layer and Path 
Determination.” However, a router may act at the transport layer as an endpoint for 
TCP communications. For example, a router may operate as a sender or receiver for 
windowing in synchronized, two-way traffic or for voice traffic over TCP. 

The next chapter focuses on the physical and data link layers. 
Chapter Two Test
Applications and Upper Layers

Estimated Time: 15 minutes

Complete all the exercises to test your knowledge of the materials contained in this 
chapter. Answers are listed in Appendix A, “Chapter Test Answer Key.” 


Question 2.1 

Provide three examples of each application type: 
Computer application: 
Question 2.2

Match up the following transport layer elements with their functions: 

A. flow control 

B. windowing 

C. retransmission 

D. multiplexing 

E. connection-establishment 

F. positive acknowledgment 

1. _guarantees receipt of data; ensures data integrity

2. _occurs when receipt timers expire or an error is detected

3. _often referred to as the “handshake” process

4. _enables many applications to use a single data stream

5. _uses buffering and congestion avoidance to prevent data from overflowing
memory and possibly being lost before it can be processed

6. _controls the amount of data sent end-to-end by defining how many data
segments may be sent before acknowledgment is required

Question 2.3 

Host A has successfully established a connection-oriented session with host B. Host A 
transmits three data packets (data1, data2, and data3) to host B. One of these packets,
data2, is involved in a collision during the transmit process. 

How should the data transfer recover and resume? 





This chapter focuses on the first two layers of the OSI model: the physical layer (Layer 1)
and data link layer (Layer 2). It looks at the physical and data-link functionality of the
three most commonly used LAN topologies: Ethernet, Token Ring, and FDDI. Finally,
this chapter covers the basic WAN technologies available today.


Basic Data-Link and Physical Layer Functions

The data link layer provides data transport across a physical link. To do so, the data 
link layer handles the following operations: 

• Physical addressing 

• Network topology 

• Line discipline 

• Error notification 

• Orderly access to the physical medium 

• Flow control (optional) 
The physical layer specifies the electrical, mechanical, procedural, and functional
requirements for activating, maintaining, and deactivating the physical link between
end systems. The physical layer specifies characteristics such as:

• Voltage levels

• Data rates

• Maximum transmission distances

• Physical connectors

These requirements and characteristics are codified into standards. For example,
EIA/TIA-232 standardizes a physical connection to voice-grade access.

You can best understand physical and data link layers by considering WAN and LAN
separately. Therefore, for the rest of this chapter, the functions of these layers,
and the standards that represent them, are discussed in distinct sections on LANs and
WANs. Certain layer standards are used with LAN links, and
certain other layer standards are used by WAN links.

Figure 3-1 (physical and data link layers; LANs and WANs)

LAN Standards and Standards Organizations 

Today, much of the LAN standards work is performed by the Institute of Electrical and
Electronic Engineers (IEEE). The IEEE 802 committee was formed in February 1980
(80, 2nd month, hence the name of the committee) to standardize LAN technology.
The committee has the following subcommittees:

• 802.1 covers common issues concerning all LANs such as the spanning-tree
protocol specified in IEEE 802.1D.

• 802.2 is responsible for the logical link control (LLC) sublayer.

• 802.3 is responsible for LANs based on the carrier sense multiple access
collision detect (CSMA/CD) access methodology. Ethernet is an example of a
CSMA/CD network.

• 802.4 is concerned with token bus networks. Token bus was developed by
General Motors for computer-controlled manufacturing and is not commonly
used today.

• 802.5 is responsible for Token Ring networks. The IBM Token Ring and
IEEE 802.5 standards are functionally equivalent.

One other type of LAN technology in common use today is based on the Fiber
Distributed Data Interface (FDDI). The FDDI standard is the responsibility of the American
National Standards Institute (ANSI).

TIA (Telecommunications Industry Association) is the formal organization responsible
for the standards of telecommunications equipment that connects to the U.S.
telecommunications network. TIA is closely aligned with the Electronic Industries Association
(EIA), founded in 1944. The ITU (International Telecommunications Union),
headquartered in Geneva, Switzerland, is an international organization within which
governments and the private sector coordinate global telecom networks and services.

Table 3-1 lists Web address information for these standards organizations. 


Organization    Web Address
ANSI            www.ansi.org
EIA             www.eia.org/eng/enghome.htm
IEEE            www.ieee.org
TIA             www.tiaonline.org
ITU             www.itu.ch

Table 3-1

Figure 3-2

LLC Sublayer Functions

The LLC sublayer provides for environments that need connectionless or
connection-oriented services at the data link layer. The LLC sublayer (specified by IEEE as 802.2)
manages communication between devices over a single link of a network. It defines the 
fields that allow multiple higher-layer protocols to share use of the data link. 

The LLC sublayer rests on top of the other 802 protocols to provide interface flexibility. 
Upper-layer protocols (for example, IP at Layer 3) can operate autonomously without 
regard for the specific type of LAN media. This independence occurs because, unlike the 
MAC sublayer, LLC is not limited to a specific 802 MAC protocol. Instead, the LLC 
sublayer can depend on lower layers to provide access to the media. 

The LLC sublayer uses a set of fields, the Destination Service Access Point (DSAP) and 
Source Service Access Point (SSAP), to define a link to the upper OSI layers. 

LLC sublayer options include support for connections between applications running on
the LAN, flow control to the upper layer by means of ready/not ready codes, and
sequence control bits.

MAC Sublayer Functions 

The MAC sublayer provides access to the LAN medium in an orderly manner. 

For multiple stations to share the same medium and identify each other, they must have
unique addresses. The most important function of the MAC sublayer is defining a
unique hardware or data-link address, called the MAC address, for each LAN interface.

On most LAN-interface cards, the MAC address is burned into ROM, hence the term
burned-in address (BIA). When the network interface card initializes, this address is
copied into RAM.

Before exploring details of MAC addresses, you need to have a bit of background on
physical and logical addressing in networks. 

Physical and Logical Addressing 

Locating computer systems on an internetwork is an essential component of any
network system. There are various addressing schemes used for this purpose, depending on
the protocol family being used. In other words, AppleTalk addressing is different from 
TCP/IP addressing, which in turn is different from IPX addressing, and so on. 

Two important types of addresses are link-layer addresses and network-layer addresses. 
Link-layer addresses (also called physical or hardware addresses) are typically unique 
for each network connection. In fact, for most LANs, link-layer addresses are resident 
in the interface circuitry. 

Because most computer systems have one physical network connection, they have only 
a single link-layer address. Routers and other systems connected to multiple physical 
networks can have multiple link-layer addresses. As their name implies, link-layer 
addresses exist at Layer 2 of the OSI reference model; they are the addresses for which
the MAC sublayer is responsible. 

Network-layer addresses (also called virtual or logical addresses) exist at Layer 3 of the
OSI reference model. Unlike link-layer addresses, which usually exist within a flat 
address space, network-layer addresses are usually hierarchical. In other words, they 
are like mail addresses, which describe a person’s location by providing a country, a 
state, a Zip code, a city, a street, street address, and finally, a name. One good example 
of a flat address space is the U.S. Social Security numbering system, where each person 
has a single, unique social security number. 


MAC Addresses 

The MAC address is a 48-bit address expressed as 12 hexadecimal digits, as shown in
Figure 3-3.

The first six hexadecimal digits of a MAC address (the first 3 bytes) contain a manufacturer
identification (vendor code), also known as the Organizational Unique Identifier
(OUI). To ensure vendor uniqueness, the IEEE administers OUIs. The last six hexadecimal
digits are administered by each vendor and often represent the interface serial number.

Cisco’s assigned vendor code is 0x00000c. The MAC address shown in Figure 3-3 is a
MAC address for an interface manufactured by Cisco.

Figure 3-3 The MAC address is burned into ROM on a network interface card.

0000.0c12.3456

Examples of MAC addresses for different vendors include:

• Cisco: 00-00-0c-12-34-56

• Sun: 08-00-20-12-34-56 

• Apple: 08-00-07-12-34-56 


Finding the MAC Address 

Before a frame is exchanged with a directly connected device, the sending device needs
to “resolve” the logical address to the data-link, or MAC, address. Address resolution
provides a mapping between the two different addresses: logical and data link. A
commonly implemented address resolution protocol is ARP (RFC 826), used in TCP/IP
networks.

Figure 3-4 illustrates two scenarios in which a sending device discovers the MAC
address of the target device by broadcasting an address resolution request.

In the first scenario, host Y and host Z are on the same LAN. Host Y broadcasts a query
onto the LAN indicating that host Y is seeking a data-link address for host Z. Because
host Y has sent out a broadcast, all devices including host Z will process the request.
However, because the request is only for host Z, only host Z will respond with its own
MAC address. Host Y receives a reply from host Z and saves the data-link address for
host Z in local memory. The next time host Y needs to communicate with host Z, it
recalls, from memory, the MAC address for host Z.

In the second scenario, host Y and host Z are on different LANs but can reach each
other through router A. When host Y broadcasts its query, router A recognizes the logical
address as belonging to host Z on a different LAN. Because router A knows that it
relays any packets for host Z, router A provides its own MAC address in reply to the
query. Host Y receives the response and saves the MAC address of router A in memory.
The next time host Y needs to communicate with host Z, host Y recalls the stored MAC
address of router A.
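
The two scenarios above, as an added Python simulation (not code from the book): host Y resolves host Z on its own LAN, then receives router A's MAC address when Z sits on another LAN. The class names, IP addresses and subnet masks are constructed for the example; the MAC values reuse the vendor examples shown earlier.

```python
import ipaddress


class Lan:
    """One broadcast domain: a query sent here reaches every attached interface."""

    def __init__(self):
        self.interfaces = []

    def broadcast_query(self, sender, target_ip):
        replies = []
        for iface in self.interfaces:
            if iface is not sender:
                mac = iface.owner.answer(iface, target_ip)
                if mac is not None:
                    replies.append((mac, iface.owner.name))
        return replies


class Interface:
    def __init__(self, owner, lan, cidr, mac):
        addr = ipaddress.ip_interface(cidr)
        self.owner, self.lan, self.mac = owner, lan, mac
        self.ip, self.network = addr.ip, addr.network
        lan.interfaces.append(self)


class Host:
    def __init__(self, name, lan, cidr, mac):
        self.name = name
        self.iface = Interface(self, lan, cidr, mac)
        self.cache = {}        # logical address -> (MAC address, who replied)
        self.queries_sent = 0

    def answer(self, iface, target_ip):
        # Every station processes the broadcast, but only the target replies.
        return iface.mac if target_ip == iface.ip else None

    def resolve(self, target):
        """Return (mac, replier); broadcast only when the address is not in memory."""
        target_ip = ipaddress.ip_address(target)
        if target_ip not in self.cache:
            self.queries_sent += 1
            replies = self.iface.lan.broadcast_query(self.iface, target_ip)
            if not replies:
                return None
            self.cache[target_ip] = replies[0]
        return self.cache[target_ip]


class Router:
    def __init__(self, name):
        self.name = name
        self.ifaces = []

    def attach(self, lan, cidr, mac):
        self.ifaces.append(Interface(self, lan, cidr, mac))

    def answer(self, iface, target_ip):
        if target_ip == iface.ip:
            return iface.mac
        # Second scenario: the target is reached through another interface, so the
        # router replies with the MAC address of the interface that heard the query.
        for other in self.ifaces:
            if other is not iface and target_ip in other.network:
                return iface.mac
        return None


def same_lan_scenario():
    lan = Lan()
    host_y = Host("Y", lan, "10.1.1.10/24", "0800.0712.3456")
    Host("Z", lan, "10.1.1.30/24", "0800.2012.3456")
    Host("X", lan, "10.1.1.40/24", "0800.2012.3457")   # hears the query, stays silent
    first = host_y.resolve("10.1.1.30")
    second = host_y.resolve("10.1.1.30")                # recalled from memory
    return first, second, host_y.queries_sent


def routed_scenario():
    lan1, lan2 = Lan(), Lan()
    # Constructed detail: Y's wide mask makes Z look directly reachable, so Y queries for Z.
    host_y = Host("Y", lan1, "10.1.1.10/16", "0800.0712.3456")
    Host("Z", lan2, "10.1.2.30/24", "0800.2012.3456")
    router_a = Router("A")
    router_a.attach(lan1, "10.1.1.1/24", "0000.0c12.3456")
    router_a.attach(lan2, "10.1.2.1/24", "0000.0c12.3457")
    return host_y.resolve("10.1.2.30"), host_y.resolve("10.1.3.99")
```

After the second scenario, host Y's memory maps host Z's logical address to router A's MAC address; that is the expected state when reading a station's address-resolution table, not an inconsistency.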

Hardware addresses are used to get a packet from one local device to another
local device; logical addresses are used to get a packet end-to-end through an
internetwork.

It is important to understand how routers use hardware and logical addresses;
addresses define the data path along which a packet will be routed.

This discussion of address resolution is closely tied to TCP/IP. As you will see later, other
protocols (such as IPX) have no need for this type of data-link participation in finding 
addresses. There are actually three different methods of obtaining a MAC address: 

• A node asks for and receives an answer through Address Resolution Protocol 
(ARP). This is the method illustrated in Figure 3-4. 


• A node is notified of another station’s address with a hello packet. 

• Addresses are assigned in a predictable way, as with DECnet. 

Common LAN Technologies 

This section extends the discussion of data link layer functions by exploring them in the 
context of specific LAN technologies. Physical layer functions are covered as well. The 
most commonly used LAN technologies are: 

• Ethernet 

• Token Ring 


Ethernet and IEEE 802.3 

Ethernet currently runs the largest number of LANs. Xerox developed Ethernet initially 
and was joined by the Digital Equipment Corporation (Digital) and Intel to define the 
Ethernet I specification in 1980. The same group subsequently released the Ethernet II 
specification in 1984. The Ethernet specification describes a Carrier Sense Multiple 
Access/Collision Detection (CSMA/CD) access method. 

The IEEE 802.3 subcommittee adopted Ethernet as its model for its CSMA/CD LAN
specification. As a result, Ethernet II and IEEE 802.3 are identical in the way they use
the physical medium.

The two specifications differ in their descriptions of the data link layer. IEEE 802.3
splits the data link layer into two separate entities: the MAC sublayer and the LLC
sublayer. The Ethernet II specification does not split them or offer LLC services. These
differences do not prohibit manufacturers from developing network interface cards that
support the common physical layer, MAC addressing, and software that recognizes the
differences between the two logical link control layers.

Both Ethernet and 802.3 are now administered by the IEEE 802.3 committee.

bit Ethernet). (An earlier version of Ethernet that operated at 3 Mbps is now obsolete.)


There are several defined wiring standards (some of which are illustrated in Figure 3-5):

• 10Base2 (known as thin Ethernet) allows network segments up to 185 meters
on coaxial cable.

• 10Base5 (known as thick Ethernet) allows network segments up to 500 meters
on coaxial cable.

• 10BaseT carries Ethernet frames on inexpensive twisted-pair wiring.

• 100BaseFX is a 100-Mbps implementation of Ethernet over fiber-optic cable.

• 100BaseT4 is a 100-Mbps implementation of Ethernet using four-pair
Category 3, 4, or 5 cabling.

• 100BaseTX is a 100-Mbps implementation of Ethernet over Category 5 and
Type 1 cabling.

• 100VG-AnyLAN is the IEEE specification for 100-Mbps implementation of
Ethernet and Token Ring over four-pair Category 3 UTP, two- or four-pair
Category 5 UTP/STP, or fiber. The MAC layer is not compatible with the 802.3
MAC layer.

Figure 3-5

The 10Base5 and 10Base2 standards provide access for several stations on the same segment.
Stations are attached to the segment by a cable that runs from an attachment unit
interface (AUI) in the station to a transceiver that is directly attached to the Ethernet
coaxial cable. In some interfaces, the AUI and the transceiver are co-located in the station
itself, in which case no cable is required.

Because the 10BaseT standard provides access for a single station only, stations
attached to an Ethernet LAN by 10BaseT are almost always connected to a hub. In a
hub arrangement, the hub is analogous to an Ethernet segment.

The Ethernet/802.3 Interface 

The Ethernet and 802.3 data links provide data transport across the physical link joining
two devices. Each device on a network has one or more interfaces to the physical
link. Devices with these interfaces, such as workstations and servers, are identified
by their MAC addresses.

Figure 3-6 shows three devices directly attached to each other over an Ethernet LAN.
The Apple Macintosh on the left and the Sun workstation in the middle show MAC
addresses used by the data-link framing. The router on the right also uses MAC
addresses for each of its LAN-side interfaces.

Figure 3-6

For indicating the 802.3 interface in the Cisco router configuration statements, you
use the Cisco IOS interface type abbreviation E followed by an interface number (for
example, E0, as shown in Figure 3-6).


Ethernet/802.3 Operation 

In a CSMA/CD network using a linear bus design, one node’s transmission traverses the 
entire network and is received and examined by every node. When the signal reaches the 
end of a segment, terminators absorb it to prevent it from going back onto the segment. 

On a 10BaseT network, one node’s transmission is repeated out all connected ports of
a hub. Again, receiving stations examine these packets.

For example, in Figure 3-7, two Ethernet/802.3 networks are shown: a linear bus network
and a 10BaseT network. In each case, Station A transmits a packet addressed to
Station D. This packet is received by all stations. Station D recognizes its MAC address
and processes the frame. Stations B and C do not recognize their addresses and discard
the frame.

Ethernet/802.3 Broadcasts and Multicasts

The Ethernet/802.3 network definitions include methods for sending packets to all or a
group of Ethernet devices using broadcasting and multicasting techniques. These technologies
enable a device to transmit a single packet that is processed by many stations.

Broadcasting is a powerful tool that sends a single frame to all stations at the same time.
Broadcasting uses a data-link destination address of all ones (FFFF.FFFF.FFFF in hexadecimal).
As shown in Figure 3-8, if Station A transmits a frame with a destination
address of all ones, Stations B, C, and D will all receive and pass the frame to their
respective upper layers for further processing.

Figure 3-8

When improperly used, however, broadcasting can seriously impact the performance of
stations by interrupting them unnecessarily. For this reason, broadcasts should be used
only when the MAC address of the destination is unknown or when the destination is
all stations.

A multicast address is a MAC address used to identify a group of destinations and is
indicated by the first transmitted bit of the destination address being set to 1. For Ethernet,
this bit appears as the low-order bit (for example, xxxx.xxx1) in the first byte of
the destination MAC address.

Ethernet Frame Types 

Figure 3-9 shows the two basic frame types: Ethernet and 802.3.

Both Ethernet and IEEE 802.3 frames begin with an alternating pattern of 1s and 0s
called a preamble. The preamble tells receiving stations that a frame is coming.

Figure 3-9 (panel label: SNAP Fields)

Immediately following the preamble in both Ethernet and IEEE 802.3 LANs are the destination
and source physical address fields. Both the Ethernet and IEEE 802.3 addresses
are six bytes long. Addresses are contained in hardware on the Ethernet and IEEE 802.3
network interface card (NIC). The first three bytes are specified by the Ethernet or IEEE
802.3 vendor. The source address is always a unicast (single node) address, while the
destination address may be unicast, multicast (group), or broadcast (all nodes).

In Ethernet frames, the two-byte field following the source address is a type field. This 
field specifies the upper-layer protocol to receive the data after Ethernet processing is 
complete. 

In IEEE 802.3 frames, the two-byte field following the source address is a length field, 
which indicates the number of bytes of data that follow this field and precede the frame 
check sequence (FCS) field. 

In the case of Ethernet, the upper-layer protocol is identified in the type field. In the case
of IEEE 802.3, the upper-layer protocol must be defined within the LLC portion of the
frame.

If data in the frame is insufficient to fill the frame to its minimum 64-byte size, padding
bytes are inserted to ensure at least a 64-byte frame. A packet that is smaller than 64
bytes is a runt packet. A packet that is larger than the maximum of 1518 bytes is a giant.
Runts and giants are considered errors.

The actual data contained in the frame follows the type field in an Ethernet frame. The
actual data contained in the frame follows the LLC or SNAP field in an IEEE 802.3 
frame. After physical layer and link-layer processing is complete, this data is sent to an 
upper-layer protocol. 

Following the data field is a four-byte FCS field containing a cyclical redundancy check
(CRC) value. The CRC is created by the sending device and recalculated by the receiving
device to check for damage that might have occurred to the frame in transit.

Following the length field is an 802.2 header for Logical Link Control (LLC). The LLC 
header consists of a Destination Service Access Point (DSAP), a Source Service Access 
Point (SSAP), and a control field. 


The DSAP is a one-byte field that simply acts as a pointer to a memory buffer in the 
receiving station. This field tells the receiving NIC in which buffer to put this information.
This functionality is crucial in situations where users are running multiple protocol
stacks. The SSAP in the LLC header is analogous to the DSAP and specifies the service 
access point (SAP) of the sending process. 


Although the original 802.3 specification worked well, the IEEE realized that some 
upper-layer protocols required an Ethernet type number to work properly. For example, 
TCP/IP uses the Ethernet type number to differentiate between ARP packets and normal 
IP data frames. To allow proprietary protocols in the 802.2 LLC frame, the IEEE 
defined the Subnetwork Access Protocol (SNAP) format. To specify that a frame is a 
SNAP frame, the DSAP and SSAP are both set to AA (hex). 


The first three bytes of the SNAP header make up the vendor code, or OUI. For example,
Apple’s OUI is 00 00 F8. Following the vendor code is a two-byte field containing
the Ethernet type for the frame. Here is where the backward compatibility with Version
II Ethernet is implemented.


As with the 802.3 frame, a four-byte FCS field follows the data field and contains a CRC
value. 
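
An added Python example (not from the book) that applies the rules above to raw frames: it separates Ethernet II from 802.3 by the two-byte field after the source address, unpacks the LLC and SNAP headers, classifies the destination address, checks the FCS, and rejects runts and giants. The 0x0600 boundary between length and type values comes from the IEEE 802.3 standard rather than this text, and the sample frames are constructed.

```python
import struct
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518      # frame sizes from the text, FCS included
VENDORS = {"00000c": "Cisco", "080020": "Sun", "080007": "Apple"}  # codes listed in the text


def mac_text(raw):
    """Six raw bytes -> the dotted form used in the text, e.g. 0000.0c12.3456."""
    digits = raw.hex()
    return ".".join((digits[0:4], digits[4:8], digits[8:12]))


def address_kind(raw):
    if raw == b"\xff" * 6:
        return "broadcast"
    # The low-order bit of the first byte is the first bit transmitted; 1 marks a group.
    return "multicast" if raw[0] & 0x01 else "unicast"


def fcs_of(data):
    # zlib.crc32 uses the same CRC-32 as the Ethernet FCS; stored low byte first.
    return struct.pack("<I", zlib.crc32(data))


def build_frame(dst, src, type_or_length, body):
    """Assemble a frame without preamble: pad to the 64-byte minimum, append the FCS."""
    frame = dst + src + struct.pack("!H", type_or_length) + body
    frame += b"\x00" * max(0, MIN_FRAME - 4 - len(frame))
    return frame + fcs_of(frame)


def parse_frame(frame):
    """Return the fields of one frame, or the reason it is rejected, as a dict."""
    info = {"size": len(frame)}
    if len(frame) < MIN_FRAME or len(frame) > MAX_FRAME:
        info["error"] = "runt" if len(frame) < MIN_FRAME else "giant"
        return info
    dst, src = frame[0:6], frame[6:12]
    (field,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:-4]
    info.update(dst=mac_text(dst), dst_kind=address_kind(dst), src=mac_text(src),
                src_vendor=VENDORS.get(src[0:3].hex(), "unknown"),
                fcs_ok=fcs_of(frame[:-4]) == frame[-4:])
    if address_kind(src) != "unicast":
        info["error"] = "source address is not unicast"
    elif field >= 0x0600:
        # Type field: Ethernet II. Padding cannot be told apart from data here.
        info.update(format="Ethernet II", ethertype=field, data=payload)
    elif field > 1500 or field < 3:
        info["error"] = "invalid length field"
    else:
        # Length field: 802.3. It counts the LLC header plus data, padding excluded.
        dsap, ssap = payload[0], payload[1]
        data = payload[3:field]
        if dsap == 0xAA and ssap == 0xAA and len(data) >= 5:
            info.update(format="802.3 SNAP", snap_oui=data[0:3].hex(),
                        ethertype=struct.unpack("!H", data[3:5])[0], data=data[5:])
        else:
            info.update(format="802.3 LLC", dsap=dsap, ssap=ssap, data=data)
    return info


# Constructed sample frames; the addresses reuse the vendor examples from the text.
SUN, CISCO, APPLE = (bytes.fromhex(h) for h in
                     ("080020123456", "00000c123456", "080007123456"))
ARP_BROADCAST = build_frame(b"\xff" * 6, SUN, 0x0806, b"\x00" * 28)
SNAP_BODY = bytes.fromhex("aaaa03" "000000" "0800") + b"payload"
SNAP_UNICAST = build_frame(APPLE, CISCO, len(SNAP_BODY), SNAP_BODY)
LLC_BODY = bytes.fromhex("e0e003") + b"data"          # constructed SAP values
LLC_MULTICAST = build_frame(bytes.fromhex("01000c000001"), CISCO, len(LLC_BODY), LLC_BODY)

if __name__ == "__main__":
    for name, frame in [("ARP broadcast", ARP_BROADCAST), ("SNAP", SNAP_UNICAST),
                        ("LLC", LLC_MULTICAST), ("truncated", ARP_BROADCAST[:40])]:
        print(name, parse_frame(frame))
```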


Ethernet/802.3 Reliability 


To understand how CSMA/CD provides an orderly transmission method, consider
what typically occurs when a station transmits. When a station wants to transmit, it
checks the network to determine if another station is currently transmitting. If the network
is not being used, the station proceeds with the transmission. While sending, the
station monitors the network to ensure that no other station is transmitting. Two stations
might start transmitting at approximately the same time if they determine that the
network is available. If two stations send at the same time, a collision occurs, as illustrated
in Figure 3-10.

Figure 3-10

When a transmitting node recognizes a collision, it transmits a jam signal that causes
the collision to last long enough for all other nodes to recognize it. All transmitting
nodes then stop sending frames for a randomly selected time period, called the backoff
time, before attempting to retransmit. If subsequent attempts also result in collisions,
the node tries to retransmit up to 16 times before giving up.


If the two backoff times are sufficiently different, one station will succeed the next time 
it tries to transmit. The mean backoff time doubles with each consecutive collision up 
to the 10th retry, thereby reducing the chance of collision in subsequent transmits. From 
the 10th to the 16th retry, the stations do not increase the backoff time anymore but 
keep it constant. 
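
The retry behaviour described above, as an added Python simulation (not from the book): the range of random delays doubles after each collision until the 10th, stays constant afterwards, and a frame is abandoned after 16 attempts. Time is counted in whole slots and a successful frame is assumed to occupy one slot; both are simplifications made for the example.

```python
import random

ATTEMPT_LIMIT = 16       # attempts before the frame is abandoned (from the text)
BACKOFF_LIMIT = 10       # the delay range stops doubling after this many collisions


def backoff_choices(collisions):
    """How many slot delays (0 .. n-1) a station picks from after `collisions` collisions."""
    return 2 ** min(collisions, BACKOFF_LIMIT)


def contend(stations, rng):
    """Resolve one collision among `stations`, which all transmitted in slot 0.

    Returns {station: (outcome, attempts_used, slot_of_outcome)}.
    """
    collisions = {s: 1 for s in stations}
    due = {s: 1 + rng.randrange(backoff_choices(1)) for s in stations}
    outcome = {}
    while due:
        slot = min(due.values())
        ready = sorted(s for s, when in due.items() if when == slot)
        if len(ready) == 1:                       # alone on the medium: success
            station = ready[0]
            outcome[station] = ("sent", collisions[station] + 1, slot)
            del due[station]
            continue
        for station in ready:                     # simultaneous retry: another collision
            collisions[station] += 1
            if collisions[station] >= ATTEMPT_LIMIT:
                outcome[station] = ("gave up", ATTEMPT_LIMIT, slot)
                del due[station]
            else:
                wait = rng.randrange(backoff_choices(collisions[station]))
                due[station] = slot + 1 + wait
    return outcome


if __name__ == "__main__":
    print([backoff_choices(n) for n in range(1, 17)])
    print(contend(["A", "B", "C"], random.Random(7)))
```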


High-Speed Ethernet Options 


New applications can cause end users to experience delays and other problems such as
insufficient bandwidth between end stations. In response to these problems, Ethernet
networks have moved forward with the availability of 100-Mbps technologies, such as
these:

• 100BaseFX—A 100-Mbps implementation of Ethernet over fiber-optic cable.
The MAC layer is compatible with the 802.3 MAC layer.

• 100BaseT4—A 100-Mbps implementation of Ethernet using four-pair
Category 3, 4, or 5 cabling. The MAC layer is compatible with the 802.3 MAC
layer.

• 100BaseTX—A 100-Mbps implementation of Ethernet over Category 5 and
Type 1 cabling. The MAC layer is compatible with the 802.3 MAC layer.

• 100VG-AnyLAN—The IEEE specification for 100-Mbps implementation of
Ethernet and Token Ring over four-pair UTP. The MAC layer is not compatible
with the 802.3 MAC layer.

Increasing Ethernet bandwidth to 100 Mbps solves part of the bandwidth problem. 
Backward compatibility can be an important consideration, however. The 100BaseFX, 
100BaseT4 (four-pair Category 3, 4, or 5 cabling), and 100BaseTX implementations 
are compatible with the 802.3 MAC sublayer, but the 100VG-AnyLAN specification is
not compatible with the other technologies. 

Another part of the solution is reducing the contention for the Ethernet media. One method 
of reducing contention is built into the Ethernet standard, namely the CSMA/CD approach. 
Users of traditional Ethernet, a shared-media LAN, must submit to CSMA/CD so that no 
two users can simultaneously communicate over the shared LAN segment. 

Switching also reduces contention for the media by creating multiple segments for desktop
devices and high-end applications. Figure 3-11 shows a switch on the left that splits
the Ethernet to reduce the number of users per shared segment. The switch makes multiple
10-Mbps or even 100-Mbps data pipes available. A limited number of users share
a single 10-Mbps or 100-Mbps segment. These users work in a smaller collision domain
with less contention from other nodes. For users with high bandwidth needs and servers,
you can provide a single dedicated segment per user or server.

Figure 3-11

Segmentation of Ethernet traffic can lead to a point where the switch dedicates a LAN
segment to a single user. Figure 3-11 shows an Ethernet switch on the right that illustrates
this situation. Two high-end workstations use their own Ethernet segment to
receive a dedicated 10 Mbps to 100 Mbps for high-bandwidth applications, such as
medical imaging systems. Servers typically get one or more dedicated 100-Mbps pipes.

A final part of the solution to insufficient bandwidth is providing the network administrator
with the tools needed to design, deploy, and manage a graceful transition to this
complex switched internetworking environment. 

Coinciding with the rapid growth of high-speed Ethernet options is the deployment of 
ATM, another high-speed technology. 

Another high-speed technology is Gigabit Ethernet, or 1000BaseX. Gigabit Ethernet
builds on top of the Ethernet protocol but increases speed tenfold over Fast Ethernet to 
1000 Mbps, or 1 Gbps. This Media Access Control (MAC) and Physical Interface 
(PHY) standard, which was approved June 25, 1998, promises to be a dominant player 
in high-speed local-area network (LAN) backbones and server connectivity. Customers 
will be able to leverage their existing Ethernet knowledge base to manage and maintain 
Gigabit networks. 

It has been decided that Gigabit Ethernet will look identical to Ethernet from the data 
link layer upward. However, to accommodate the increased speed from 100 Mbps Fast
Ethernet to 1 Gbps, several changes need to be made to the physical interface. The challenges
have been resolved by merging two technologies: IEEE 802.3 Ethernet and ANSI
X3T11 FibreChannel. Figure 3-12 shows how key components from each technology 
have been combined to form Gigabit Ethernet. 

The resulting standard takes advantage of the existing high-speed physical interface
technology of FibreChannel while maintaining the IEEE 802.3 Ethernet frame format,
backward compatibility for installed media, and use of full or half duplex (via carrier
sense multiple access with collision detection or CSMA/CD). Leveraging two existing
technologies helps minimize the complexity of the resulting technology, produces a stable
technology, and shortens the development time.

With the approval of the 802.3z (Gigabit Ethernet) standard, Ethernet may gain a leading
edge among LAN technologies in pushing bandwidth speed.

Token Ring and IEEE 802.5

Token Ring was developed by IBM and Texas Instruments in the 1970s. It is still IBM’s
primary LAN technology. The IEEE 802.5 specification is almost identical to IBM’s
Token Ring. A single Token Ring specification is now administered by the IEEE 802.5

Physical Layer: Token Ring/802.5

The logical topology of an 802.5 network is a ring in which each station receives signals
from its nearest active upstream neighbor (NAUN) and repeats those signals to its
downstream neighbor. Physically, however, 802.5 networks are laid out as stars, with
each station connecting to a shared central hub called a multistation access unit (MSAU).

The logical and physical configurations are illustrated in Figure 3-13.

The stations connect to the central hub through shielded or unshielded twisted-pair
wire.

Typically, an MSAU connects up to eight Token Ring stations. For increased performance
and port density, you can replace shared MSAUs and hubs with stackable Token
Ring switches such as the Cisco Catalyst 3920 24-port switch.

The Token Ring/802.5 Interface

The IEEE 802.5 Token Ring protocol parallels IEEE 802.3 by providing both MAC 
sublayer and physical-layer services in a single standard. Token Ring relies on the IEEE 
802.2 LLC sublayer and upper-layer protocols for point-to-point services. Token Ring 
differs considerably from 802.3 in its use of the LAN medium, however. 


Token Ring stations use MAC addresses, including the router shown in Figure 3-13.
When configuring the 802.5 interface on the router, you will use the Cisco IOS software
interface type abbreviation for Token Ring (To), followed by an interface number (for
example, To0, as shown in Figure 3-13). Token Ring networks can operate in either a
4 Mbps or 16 Mbps access speed.

Mixing speeds on a single ring destroys the integrity of the ring and prohibits
operation.

Figure 3-13 (panel label: Logical Topology)

Token Ring/802.5 Operation

... possess the token. Because no station can dominate the cable as it can
in a contention-based access (CSMA/CD) network, administrators can quite accurately
determine and plan network performance.

If a station receiving the token has no information to send, it simply passes the token to
the next station. If a station possessing the token has information to transmit, it claims
the token and then appends the information it wants to transmit and sends the
information frame to the next station on the Token Ring, as shown in Figure 3-14.

Figure 3-14

Unless early token release (ETR) is used on the Token Ring, only one frame can be circling
the Token Ring at any one time; other stations wishing to transmit must wait until
the current frame is removed from circulation and a token becomes available.

Early token release (ETR) is an optional feature that allows a station to insert the token
onto the Token Ring immediately after transmitting an information frame. When early
token release is in use, more than one frame can circle the Token Ring at a time.

Because frames proceed serially around the ring, and because a station must claim the 
token before transmitting, collisions do not occur in a Token Ring network. 

Token Ring supports broadcasting and multicasting to enhance efficiency of one-to-many
transmissions. Broadcasting may be used to locate a path to a destination. Multicasting 
is used to send packets to special Token Ring management addresses for ring integrity 
and error reporting purposes. 


Token Ring/802.5 Media Control 

Token Ring networks use a priority system that permits certain user-designated
high-priority stations to use the network more frequently than other stations can. Token
Ring frames have two fields within the access control field that control priority: the
priority field and the reservation field.

Figure 3-15 illustrates the bits in the access control field that are used to define the current
priority and reservation priority.

Access Control Field

| P | P | P | T | M | R | R | R |

P Priority bits
T Token bit
M Monitor bit
R Reservation bits

Figure 3-15

Token Ring/802.5 Active Monitor

One device on each Token Ring configures itself as the active monitor to provide clocking
services and maintain the integrity of the token. In case the token is lost or
destroyed, only the active monitor can purge the ring of all current data and transmit a 
new token for recovery purposes. The active monitor also ensures that frames do not 
circulate endlessly around the ring. 

Figure 3-16 depicts the removal of an “old frame” from the ring. The station at left 
claims the token and transmits a frame on the Token Ring LAN with the monitor bit 
set to 0, indicating that this frame has not passed the active monitor. When the frame 
reaches the active monitor, the active monitor sets the frame’s monitor bit to 1. Before 
the frame returns to the originating station, that station fails. Because the failed station 
is not able to remove its frame, the frame is allowed to start a second circuit of the 
Token Ring LAN. The active monitor detects a frame that it has seen before because the 
monitor bit is set to 1, removes it from the ring, and inserts a new token onto the ring. 
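
An added Python example (not from the book) that packs and unpacks the access control byte in the P P P T M R R R layout of Figure 3-15 and replays the orphaned-frame case of Figure 3-16. Station names are constructed, and the token-bit polarity (0 for a token, 1 for a frame) is taken from IEEE 802.5, since the text does not state it.

```python
MONITOR_BIT = 0x08


def encode_ac(priority, is_token, monitor, reservation):
    """Pack the access control byte laid out as P P P T M R R R."""
    token_bit = 0 if is_token else 1     # assumption from IEEE 802.5: 0 = token, 1 = frame
    return (priority & 7) << 5 | token_bit << 4 | (monitor & 1) << 3 | (reservation & 7)


def decode_ac(byte):
    return {
        "priority": (byte >> 5) & 7,
        "is_token": ((byte >> 4) & 1) == 0,
        "monitor": (byte >> 3) & 1,
        "reservation": byte & 7,
    }


def circulate(ring, active_monitor, source, destination, source_fails=False):
    """Send one frame around the ring and report which station removes it.

    `ring` lists station names in downstream order. With source_fails=True the
    originator drops off the ring before its frame returns, so the frame starts
    a second circuit.
    """
    ac = encode_ac(0, is_token=False, monitor=0, reservation=0)
    a_bit = c_bit = 0                    # frame status bits set by the destination
    position = ring.index(source)
    for hops in range(1, 2 * len(ring) + 1):
        position = (position + 1) % len(ring)
        station = ring[position]
        if station == source:
            if source_fails:
                continue                 # failed station is bypassed; frame keeps going
            removed_by = "originator"
            break
        if station == active_monitor:
            if ac & MONITOR_BIT:         # seen before: nobody stripped this frame
                removed_by = "active monitor"
                break
            ac |= MONITOR_BIT            # first pass: mark the frame
        if station == destination:
            a_bit = c_bit = 1            # address recognized, frame copied
    else:
        raise RuntimeError("frame was never removed from the ring")
    new_token = encode_ac(0, is_token=True, monitor=0, reservation=0)
    return {"removed_by": removed_by, "hops": hops, "monitor_bit": (ac >> 3) & 1,
            "a_bit": a_bit, "c_bit": c_bit, "new_token": new_token}


if __name__ == "__main__":
    ring = ["A", "B", "C", "D"]          # constructed ring; C is the active monitor
    print(circulate(ring, "C", "A", "D"))
    print(circulate(ring, "C", "A", "D", source_fails=True))
```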


Figure 3-16 The active monitor ensures token operation on the ring for media access.


Token Ring/802.5 Reliability 

The IEEE 802.5 specification describes two bits in the frame status field: the A bit,
which stands for address recognized (the receiving station sets this bit when it recognizes
the incoming frame is addressed to the station’s own address), and the C bit, which
stands for copied (the destination Token Ring station copied the frame into its buffers).

These two bits are used to indicate the status of an outstanding frame, as shown in Figure
3-17. An originating station generates a frame with the A and C bits turned off (set
to zero). Because the originating station always views the returning frame, it can examine
these two bits to determine whether they have been modified during their journey
around the ring.

Figure 3-17

The A and C bits are duplicated in the Access Control field to provide error detection 
because this frame is not included in any error checking mechanism. Both sets of A and 
C values must be identical, or the frame is considered invalid. 

FDDI 

FDDI is an American National Standards Institute (ANSI) standard that defines a dual
Token Ring LAN operating at 100 Mbps over a fiber-optic medium, as shown in Figure
3-18. The FDDI standards were published in 1987 in the ANSI X3T9.5 standards. Currently,
FDDI is a popular campus and backbone LAN technology.

Figure 3-18 Devices on FDDI maintain connectivity on dual counterrotating rings.

ANSI also has defined a Twisted-Pair Physical Medium Dependent standard. Based on
this, Copper Distributed Data Interface (CDDI) provides operation ...
but with the more commonly used copper cabling.

Token Ring and FDDI share several characteristics, including token passing and a ring 
architecture. 

Physical Layer: FDDI 

physical medium dependent (PMD) sublayer. 

The PHY standard deals with data encoding, clocking, and symbols. PHY specifies a
method called 4B/5B. This encoding method translates upper-layer
... perform the dual functions of passing data and
maintaining clock synchronization between nodes.

electronically hostile environments such as factory floors. 

FDDI specifies the following limits: 

• 500 nodes per FDDI LAN 

• 100-kilometer (km) maximum ring circumference

• 2-km maximum distance between FDDI nodes using multimode fiber media

FDDI can operate at high speeds that make it suitable for network applications requiring
large bandwidth; for example, video and graphics applications.

FDDI uses a token-passing protocol that operates on dual counterrotating rings, as
shown in Figure 3-19. Under normal operation, data flows on a primary ring, ...
attachment stations (DASs) ... Because FDDI has the self-healing capability, ...
back on the other to maintain integrity.

Mission-critical stations such as routers or mainframe hosts can use
dual homing to provide additional fault-tolerance and help guarantee operation.


Figure 3-19 Devices attached to FDDI use a token passing method; they can be singly
or dually attached. (Figure label: Dual-Homed Router)

In dual homing, a station is single-attached to two DACs, thereby providing an active primary
link and a backup path to the FDDI LAN.



The FDDI Interface 

FDDI is logically and physically a ring topology. Although it operates at higher speeds, 
FDDI is similar to Token Ring. The two network types share many features, such as 
token passing and predictable deterministic delays. 

All FDDI LAN stations use MAC addresses, including the router shown on the right in 
Figure 3-19. The FDDI frame format uses five-bit symbols rather than eight-bit octets. 
Thus, the 48-bit MAC address for FDDI has 12 four-bit symbols. 

To configure the FDDI interface on the router, use the Cisco IOS interface type abbreviation
F followed by an interface number (for example, F0).

FDDI Dual-Ring Reliability 

Access to the FDDI dual ring is determined by token possession. However, stations
attach new tokens to the ends of their transmissions, and a downstream station is
allowed to add its frame to the existing frame. Thus, at any given time, several information
frames can be circling the ring.

All stations monitor the ring for invalid conditions such as a lost token, persistent data
frames, or a break in the ring. If a node determines that no tokens have been received
from its NAUN during a predetermined time period, it begins transmitting beacon
frames to identify the failure and its suggested location.

If a station receives its own beacon from upstream, it ...
network integrity (as illustrated in Figure 3-20).

Figure 3-20 FDDI has the capability to detect faults and maintain integrity by
wrapping the primary and secondary rings.

Common WAN Technologies 

WAN physical-layer protocols describe ... alternate carriers, and Post,
Telephone, and Telegraph (PTT) agencies.

... facilities, such as:

• Multiaccess switched services—For example, ...
offices connecting into a WAN cloud, such as Frame Relay ...
communications are switched through the cloud, not necessarily taking the same path.

WAN standards are defined and managed by a number of recognized authorities,
including the following agencies: 

• International Telecommunication Union-Telecommunication Standardization
Sector (ITU-T), formerly the Consultative Committee for International
Telegraph and Telephone (CCITT)

• International Organization for Standardization (ISO) 

• Internet Engineering Task Force (IETF) 

• Electronic Industries Association (EIA)

WAN standards typically describe both physical layer and data link layer requirements. 
Figure 3-21 identifies several popular WAN services used in internetworks today. 


(Figure labels: SDLC, HDLC, LAPB, PPP, X.25, Frame Relay, ISDN)

The Synchronous Data Link Control (SDLC) protocol was the original ancestor of most
WAN framing, connecting remote devices with the central mainframe through
point-to-point or point-to-multipoint connections.

The next generation of WAN technologies includes High-Level Data Link Control 
(HDLC) and, for X.25, Link Access Procedure Balanced (LAPB). For Internet WANs, 
Point-to-Point Protocol (PPP) connects peer devices. 

Switched or relayed services, such as X.25, Frame Relay, and Integrated Services
Digital Network (ISDN), utilize a special device to interface a service provider’s cloud.

Figure 3-21

Physical Layer: WAN

The WAN physical layer describes the interface between the data terminal equipment
(DTE) and the data circuit-terminating equipment (DCE). Typically, the DCE is the
service provider [...]. In this model, the services offered to [...] (CSU/DSU), as shown
in Figure 3-22.

Several physical-layer standards specify this interface: 

• EIA/TIA-232

• EIA/TIA-449

• V.35

• X.21

• EIA-530

• High-Speed Serial Interface (HSSI)


Figure 3-22

DTE: Data Terminal Equipment. End of the user's device on the WAN link.

DCE: Data Circuit-Terminating Equipment. End of the WAN provider's side of the
communication facility.

Data Link Layer: WAN Protocols

The common data-link encapsulations associated with synchronous serial lines are 
listed in Figure 3-23. 


Figure 3-23: Data link encapsulations for sy[...]

• SDLC-Synchronous Data Link Control

• HDLC-High-Level Data Link Control

• LAPB-Link Access Procedure, Balanced

• Frame Relay-Simplified version of HDLC framing

• PPP-Point-to-Point Protocol

• ISDN-Integrated Services Digital Network (data-link signaling)

Synchronous Data Link Control (SDLC) 

SDLC is a bit-oriented protocol developed by IBM. SDLC defines a multipoint WAN
environment that allows several stations to connect to a dedicated facility. SDLC defines
a primary station and one or more secondary stations. Communication is always
between the primary station and one of its secondary stations. Secondary stations
cannot communicate with each other directly.

High-Level Data Link Control (HDLC) 

HDLC is an ISO standard. HDLC might not be compatible between different vendors 
because of the way each vendor has chosen to implement it. HDLC supports both 
point-to-point and multipoint configurations. 


Link Access Procedure, Balanced (LAPB)

LAPB is primarily used with X.25 but can also be used as a simple data-link transport.
LAPB includes capabilities for detecting out-of-sequence or missing frames as well as
for exchanging, retransmitting, and acknowledging frames.

Frame Relay

Frame Relay uses high-quality digital techniques in which the error checking of LAPB
is unnecessary. By using a simplified framing with no error correction mechanisms,
Frame Relay can send Layer 2 information very rapidly, compared to these other WAN
protocols.

Point-to-Point Protocol (PPP)

PPP, described by RFC 1661, was developed by the IETF. PPP contains a protocol field 
to identify the network-layer protocol. 

Integrated Services Digital Network (ISDN) 

ISDN is a set of digital services that transmits voice and data over existing phone lines. 

Summary 

This chapter concludes an overview of all the layers of the OSI reference model except
one: the network layer. The next chapter focuses on the network layer, where routing
functionality and capabilities are defined.

Chapter Three Test
Physical and Data Link Layers

Estimated Time: 15 minutes

Complete all the exercises to test your knowledge of the materials contained in this 
chapter. Answers are listed in Appendix A, “Chapter Test Answer Key.” 

Question 3.1 

What are the Cisco router interface abbreviations for Ethernet, Token Ring, and FDDI? 

_ Ethernet 

_Token Ring 

_FDDI 

Question 3.2 

Which frame types use an Ethernet type field to define the protocol in use? 



Question 3.3 

What are the two sublayers defined within the data link layer?


Question 3.4

Write the letter identifying the correct statement in column 2 that describes the given
protocol or standard in column 1.


| Column 1: Protocol or Standard | Column 2: Topology, Function, or Characteristic |
|---|---|
| SDLC | A) Equivalent of IEEE 802.5 |
| EIA/TIA-232 | B) Voice-grade access, formerly a recommended standard |
| 802.3 | C) Uses primary and secondary roles for IBM data links |
| Frame Relay | D) From original Xerox work; uses field for protocol type |
| Ethernet II | E) From IEEE efforts; uses field for length rather than type |
| FDDI | F) Uses simplified HDLC for higher-speed communication |
| Token Ring | G) Uses five-bit symbols rather than octets in its framing |


Network Layer and 
Path Determination 




This chapter discusses the network layer of the OSI reference model. It covers basic
information such as how network-layer addressing works with different protocols. It
explains the difference between routing and routed protocols and contrasts static and
dynamic routes. It explains how routers track the distance between locations.

The chapter then covers distance vector, link-state, and hybrid routing approaches. It
explains the strengths of each approach and describes how each resolves common
routing problems.


Network Layer Basics 

The network layer interfaces to networks and provides best effort end-to-end packet 
delivery services to its user, the transport layer. The network layer sends packets from 
the source network to the destination network. 

First, this chapter examines general performance of the network layer, including how it
determines and communicates the chosen path to a destination, how protocol
addressing schemes work and vary, and how routing protocols work.

Path Determination

Which path should traffic take through a cloud of networks? Path determination occurs
at Layer 3, the network layer. The path determination function enables a router to
evaluate the available paths to a destination and to establish the preferred handling of a
packet.

Routing protocols use network topology information when evaluating network paths. 
This information can be configured by the network administrator or collected through 
dynamic processes running in the network. 

After the router determines which path to use, it can proceed with switching the packet: 
taking the packet it accepted on one interface and forwarding it to another interface or 
port that reflects the best path to the packet's destination. 

For example, Figure 4-1 depicts a mesh network. There are several possible paths 
between host A and host C. The path determination process is used to find the best path 
possible. 


Figure 4-1: Host A and host C are connected through multiple paths.
(Figure label: Which Path?)


To enable path determination, the routing services provide: 

• Routing table initialization and maintenance 

• Routing update processes and protocols 

• Routing domains and address specifications 

• Route metric assignment and control 



Communicating Path Information 


Routers exchange information about available paths through an internetwork. To
identify a path, a name must be assigned to each of the networks along a path. Network
addresses are used to identify each network link. Path information contains the names
of all the networks that must be crossed along the path.

In Figure 4-2, each line between the routers has a number that the routers use as a
network address. These addresses convey information about the path of media connections
used by the routing process to pass packets from a source toward a destination.



Figure 4-2: Addresses represent the path of media connections.

Routers use path information along with path determination mechanisms, path
switching mechanisms, and route processing functions to determine the best path along an
internetwork.

The consistency of Layer 3 addresses across the entire internetwork also improves the
use of bandwidth by preventing unnecessary broadcasts. By using consistent end-to-end
addressing to represent the path of media connections, the network layer can find a path
to the destination without unnecessarily burdening the devices or links on the
internetwork with broadcasts.


Addressing: Network and Host

Network addresses consist of a network [...] numbers—1, 2, and 3—known by the router.


Figure 4-3: An internetwork address [...] network portion and a host [...]

• Novell IPX uses MAC addresses as host addresses; for interfaces that do not
have a MAC address, Novell IPX may apply a duplicate MAC address for the
node address.

• DECnet modifies the MAC address to contain a computed node address. 


Protocol Addressing Variations 

The two-part network addressing scheme extends across all the protocols covered in 
this book. How do you interpret the meaning of the address parts? What authority allo¬ 
cates the addresses? These answers vary from protocol to protocol. 


Figure 4-4 shows three sample addressing schemes.

In the TCP/IP sample IP address, dotted decimal numbers show a network part and a 
host part. The network 10 uses the first of the four numbers as the network part and 
the last three sets of numbers—8.2.48—as a host address. 

The Novell IPX example uses a variation of the two-part address. The network address 
is a hexadecimal (base 16) number that cannot exceed a fixed maximum 
of digits. The host address 0000.0c00.6e25 (also a hexadecimal number) is a 
48 bits long. This host address derives automatically from information in the 
of the specific LAN device. 


Routing processes on internetworks typically are concerned only with the network
portion of an address; that is, the information required to deliver data to the appropriate
network. After the destination network has been reached, however, the final router in
the path must use the host address portion to send the packet to the appropriate device’s
hardware address on the final network.

Internetworking devices can have more than one network address. Different addresses
must be assigned for each network-layer protocol supported by a particular device. For
example, a device connected to both an AppleTalk and a DECnet internetwork must be
assigned two network addresses.

For some network-layer protocols, a network administrator assigns network addresses
according to a preconceived internetwork addressing plan. For other network-layer
protocols, assigning addresses is partially or completely dynamic; that is, the protocol
automates the process.

Not all network protocols use the host address in the manner shown in Figure 4-3. For
example:

Figure 4-4: The two elements that the addressing schemes discussed in this book have in
common are the network and node (or host) portions.



IP and IPX are the two most common Layer 3 address types. You will learn more about 
these and other protocol addressing rules in the next few pages and in subsequent 
chapters. 


TCP/IP Network Addressing 

TCP/IP networks represent addresses as 32-bit entities, divided into a network portion 
and a host portion, as shown in Figure 4-5. 

The Internet Request For Comments (RFC) 1117 divides the network portion into 
classes. All classes of specific Internet-legal network addresses come from a central 
authority: the InterNIC (Internetwork Information Center). The most common of these 
classes follow: 

• Class A—Using 8 bits for the network, with the remaining 24 bits for host 
addressing 

• Class B—Using 16 bits for the network, with the remaining 16 bits for host 
addressing 

• Class C—Using 24 bits for the network, with the remaining 8 bits for host 
addressing 

• Class D—Used for IP multicast addresses 

IP networks typically are subdivided into subnetworks. When an IP address has been
subnetted, the network part of the address is described by two elements: the network
number, still assigned by the NIC, and the subnetwork number, assigned by the local
network administrator. IP addressing is covered in more detail in Chapter 9, “IP
Addressing.”

Figure 4-5: IP addresses are 32 bits (4 bytes) long.
(Figure labels: Network; 8, 16, or 24 bits from InterNIC; Varies with subnet mask; Ethernet)
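The class rules above, as an added Python example (not from the book): it validates a dotted-decimal address, reads the class from the leading bits of the first octet, and splits the address into its network and host parts. The function names, the rejection of leading zeros, and the Class E label for the range above Class D are choices of this example.

```python
from __future__ import annotations

from typing import List, NamedTuple, Optional


class ClassfulAddress(NamedTuple):
    address_class: str            # "A", "B", "C", "D" or "E"
    network_bits: Optional[int]   # None when the class has no network/host split
    network: Optional[str]        # dotted-decimal network part
    host: Optional[str]           # dotted-decimal host part


def parse_dotted_decimal(text: str) -> List[int]:
    """Return the four octets of a dotted-decimal address, rejecting ambiguous input."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets, got {len(parts)}: {text!r}")
    octets = []
    for part in parts:
        # Example's choice: ASCII digits only and no leading zeros, so "010" is
        # never read as octal by one tool and as decimal by another.
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"octet is not a decimal number: {part!r}")
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"octet has a leading zero: {part!r}")
        value = int(part)
        if value > 255:
            raise ValueError(f"octet out of range 0-255: {part!r}")
        octets.append(value)
    return octets


# (class, mask applied to the first octet, expected leading bits, network bits)
CLASS_RULES = [
    ("A", 0b10000000, 0b00000000, 8),      # 0xxxxxxx
    ("B", 0b11000000, 0b10000000, 16),     # 10xxxxxx
    ("C", 0b11100000, 0b11000000, 24),     # 110xxxxx
    ("D", 0b11110000, 0b11100000, None),   # 1110xxxx: multicast, no host part
    ("E", 0b11110000, 0b11110000, None),   # 1111xxxx: not listed in the text above
]


def classify(text: str) -> ClassfulAddress:
    """Classify an address and split it on the classful network boundary."""
    octets = parse_dotted_decimal(text)
    for name, mask, leading_bits, bits in CLASS_RULES:
        if (octets[0] & mask) == leading_bits:
            break
    if bits is None:
        return ClassfulAddress(name, None, None, None)
    split = bits // 8
    network = ".".join(str(o) for o in octets[:split])
    host = ".".join(str(o) for o in octets[split:])
    return ClassfulAddress(name, bits, network, host)


if __name__ == "__main__":
    # 10.8.2.48 is the sample address discussed with Figure 4-4; the others are constructed.
    for sample in ["10.8.2.48", "172.16.3.4", "192.168.1.7", "224.0.0.5"]:
        print(sample, classify(sample))
```
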


Other Protocol Addressing 

A router can handle many other protocol addressing schemes besides IP addressing.
Table 4-1 summarizes the main details about three of the most common of these
schemes.


Table 4-1: Addressing details for IPX, AppleTalk, and X.25.

| Protocol | Network Address | Node Address |
|---|---|---|
| Novell IPX | Up to 32 bits (hex); refers to the media (for example, Ethernet) | 48 bits (hex); usually the MAC address of a LAN interface |
| AppleTalk | Up to 16 bits (dec); refers to one or one of many nets in cable range on media | Up to 8 bits added to network number; usually dynamically assigned on LAN |
| X.25 (X.121) | 4 (dec) digits of DNIC with 2- or 3-digit Data Country Code and 1 network digit | Up to 10 or 11 digits of Network terminal Number; usually assigned by WAN service provider |


The addressing schemes listed in Table 4-1 are covered in greater detail in Chapter 11, 
“Configuring Novell IPX,” Chapter 12, “Configuring AppleTalk,” and Chapter 15, 
“Configuring X.25.” 

Cisco routers can handle these and many other protocol-specific Layer 3 addressing
schemes. Two other protocols, DECnet and Banyan VINES, are covered in Appendixes

Routing Uses Network Addresses

Routers relay a packet from one data link to another. To relay a packet, a router uses
two basic functions: a path determination function and a switching function.

Figure 4-6 illustrates how routers use the addressing for routing and switching
functions. When a packet destined for network 10.1.0.0 arrives at Router 1, the router
knows that the packet should be sent out port E0.


Figure 4-6: The network portion of the address is used to make path selections.

Although the path determination function sometimes is capable of calculating the
complete path from the router to the destination, a router is responsible only for passing the
packet to the best network along the path. This best path is represented as a direction
to a destination network. For example, in Figure 4-6, if a packet that is destined for
network 10.4.0.0 arrives at Router 1, the router knows that the best direction to send
the packet is out interface E2. Router 2 is the next hop, or router, along the path. The
router uses the network portion of the address to make these path selections.

The switching function allows a router to accept a packet on one interface and forward
it on a second interface. The path determination function enables the router to select
the most appropriate interface for forwarding a packet.


Key Concept: With respect to Layer 3, the term switching is used to describe moving
packets in from one port and out another port. This is different from Layer 2 switching
functionality, which refers to forwarding a packet from one port to another port
based on the MAC address only.




Routed Versus Routing Protocol 

Confusion often exists between the similar terms routing protocol and routed protocol. 


Routed Protocol 

A routed protocol is a protocol that contains enough network-layer addressing
information for user traffic to be directed from one network to another network. Routed
protocols define the format and use of the fields within a packet. Packets that use a
routed protocol are conveyed from end system to end system through an internetwork.

The Internet protocol IP and Novell’s IPX are examples of routed protocols. 



Routing Protocol 

A routing protocol supports a routed protocol by providing mechanisms for sharing
routing information. Routing protocol messages move between the routers. A routing
protocol allows the routers to communicate with other routers to update and maintain
routing tables. Routing protocol messages do not carry end-user traffic from network
to network. A routing protocol uses the routed protocol to pass information between
routers. TCP/IP examples of routing protocols are Routing Information Protocol (RIP),
Interior Gateway Routing Protocol (IGRP), Open Shortest Path First (OSPF), and
NetWare Link Services Protocol (NLSP), Enhanced IGRP.

Usually routing protocols function only between routers, but because some routing
protocols are unaware of other routers, they rely on data-link broadcast messages as well.

At times, these broadcast messages are used by end systems for their own purposes. For 
example, an end system receiving a router’s update broadcast can record the existence 
of the router and use the router at a later time if it needs to acquire information about 
the topology of the internetwork. 

For example, AppleTalk’s address discovery mechanism—AARP—relies on end systems
learning about neighboring routers.


Key Concept: Communications that use routed protocols, such as IP, can be forwarded
from one network to another network. Routing protocols, such as IP RIP, are used to
make decisions on the best path that those packets should travel.

Network-Layer Protocol Operations

When a host application sends a packet to a destination on a different network, a
data-link frame is received on one of a router’s interfaces. The router strips off the MAC
header and examines the frame’s network-layer header, such as an IP or IPX header, to
make a forwarding decision, as shown in Figure 4-7.


Figure 4-7: Each router provides its services to support upper layer functions.

The network-layer data is sent to the appropriate network-layer process, and the
data-link layer frame itself is discarded.

The network-layer process examines the header to determine the destination network 
and then references the routing table that associates networks to outgoing interfaces. 

The packet is again encapsulated in the data-link frame for the selected interface and 
queued for delivery to the next hop in the path. 

This process occurs each time the packet switches through another router. At the router
connected to the network containing the destination host, the packet is again
encapsulated in the destination LAN’s data-link frame type for delivery to the protocol stack on
the destination host.

Multiprotocol Routing

Routers are capable of supporting multiprotocol routing. That is, routers can support
multiple independent routing algorithms and maintain associated routing tables for
several routed protocols concurrently. This capability allows a router to interleave packets
from several routed protocols over the same data links.

Each routed and routing protocol has no knowledge of other protocols. This concept is 
called ships-in-the-night routing. 

For example, in Figure 4-8, router 1 and router 2 handle IP, IPX, AppleTalk, and
DECnet traffic. The routing information for each environment is not absorbed by and does
not affect the other protocols.

Later, this chapter discusses an alternative to multiprotocol routing: integrated routing
in balanced protocols such as Enhanced IGRP.

Static Versus Dynamic Routes

Static knowledge is administered manually: A network administrator enters it into the
router’s configuration. The administrator must manually update this static route entry
whenever an internetwork topology change requires an update. Static knowledge can
be private; by default, it is not conveyed to other routers as part of an update process.
You can, however, configure the router to share this knowledge.

Dynamic knowledge works differently. After the network administrator enters
configuration commands to start dynamic routing, route knowledge is updated automatically
by a routing process whenever new topology information is received from the
internetwork. Changes in dynamic knowledge are exchanged between routers as part of the
update process.

Static Route Example 

Static routing has several useful applications when it reflects a network administrator’s 
special knowledge about network topology. One such application is security. Dynamic 
routing tends to reveal everything known about an internetwork to sources outside it. 
For security reasons, it might be appropriate to conceal parts of an internetwork. Static 
routing allows an internetwork administrator to specify what is advertised about 
restricted partitions. 

Another application is when an internetwork partition is accessible by only one path. 
In such a case, a static route to the partition can be sufficient. This type of partition is 
called a stub network. Configuring static routing to a stub network avoids the overhead 
of dynamic routing. 

For example, in Figure 4-9, router A is configured with a static route to the remote stub 
network; there is no reason to allow periodic routing updates across the WAN link 
between router A and router B, as would occur with dynamic routing. 

Figure 4-9: Static routing entries can [...] route updates [...] WAN link.

In Figure 4-10, company X routers possess specific knowledge of the topology of the
company X internetwork, but not of other networks. Maintaining knowledge of every
other internetwork accessible by way of the Internet cloud is unnecessary and
unreasonable, if not impossible.

Instead of maintaining specific internetwork knowledge, each router in company X is
informed by the default route that it can reach any unknown destination by directing
the packet to the Internet.


Adapting to Topology Change 

The internetwork shown in Figure 4-11 adapts differently to topology changes
depending on whether it uses statically or dynamically configured knowledge.

Static knowledge allows the routers to properly route a packet from network to
network. In Figure 4-11, router A refers to its routing table and follows the static
knowledge there to relay the packet to router D. Router D does the same and relays the packet
to router C. Router C delivers the packet to the destination host.


Figure 4-11

table, making the path through router B the preferred path to the destination. The
routers continue sending packets over this link.

When the path between routers A and D is restored to service, router A can once again 
change its routing table to indicate a preference for the counterclockwise path through 
routers D and C to the destination network. 


Dynamic Routing Operations 

The success of dynamic routing depends on two basic router functions: 

• Maintenance of a routing table 

• Timely distribution of knowledge—in the form of routing updates—to other 
routers 


Dynamic routing relies on a routing protocol to disseminate knowledge. A routing
protocol defines the set of rules used by a router when it communicates with neighboring
routers. For example, a routing protocol describes:

• How updates are conveyed 

• What knowledge is conveyed 

• When to convey knowledge

• How to locate recipients of the updates 

In Figure 4-12, router 1 uses IP's RIP protocol to pass routing information from its 
routing table to router 2. 


But what happens if the path between router A and router D fails? Obviously, router A
will not be able to relay the packet to router D with a static route. Until router A is
manually reconfigured to relay packets by way of router B, communication with the
destination network is impossible.


Dynamic knowledge offers more automatic flexibility. According to the routing table
generated by router A, a packet can reach its destination over the preferred route
through router D. However, a second path to the destination is available by way of
router B. When router A recognizes the link to router D is down, it adjusts its routing

Representing Distance with Metrics

When a routing algorithm updates the routing table, its primary objective is to
determine the best information to include in the table. Each routing algorithm interprets
“best” in its own way. The algorithm generates a number—called the metric —for each
path through the network. Typically, the smaller the metric, the better the path.

Metrics can be calculated based on a single characteristic of a path or by combining
several characteristics. The metrics most commonly used by routing protocols follow (see
also Figure 4-13):

• Hop count —Refers to the number of routers a packet must go through to reach 
a destination. The lower the hop count, the better the path. Path length is used 
to indicate the sum of the hops to a destination. 

• Ticks —Used with Novell IPX RIP to reflect delay. Each tick is 1/18th of a 
second. 

• Cost —Path cost is the sum of the costs associated with each link to a
destination. Costs are assigned (automatically or manually) to the process of crossing
a network. Slower networks typically have a higher cost than faster networks.
The lowest cost route is the one believed to be the fastest route available.

• Bandwidth —The rating of a link’s maximum throughput. Routing through 
links with greater bandwidth does not always provide the best routes. For 
example, if a high-speed link is busy, sending a packet through a slower link 
might be faster. 

• Delay —Depends on many factors, including the bandwidth of network links, 
the length of queues at each router in the path, network congestion on links, 
and the physical distance to be traveled. A conglomeration of variables that 
change with internetwork conditions, delay is a common and useful metric. 

• Load —Dynamic factor that can be based on a variety of measures, including
CPU use and packets processed per second. Monitoring these parameters on a
continual basis can be resource intensive.

(Figure labels: Bandwidth, Hop count, Reliability, Ticks)

• Reliability —Reflects the propensity of network links to fail and the speed with
which they are repaired. You can take multiple reliability factors into account
when assigning reliability ratings. Reliability ratings are usually assigned by the
network administrator but can be calculated dynamically by the protocol.

• MTU (maximum transmission unit)—The maximum message length in octets
that is acceptable to all links on the path. It would be considered the fastest
path to travel along a route that supports larger MTUs and allows maximum
packet sizes to be used end-to-end.


Although not used directly by the router, expense is another important metric influence.
Some organizations might not care about performance as much as operating expenses.
For instance, even though the bandwidth is less and the delay is longer, sending packets
over leased lines rather than through more expensive public lines may be preferable to
some enterprises.


Routing Protocols 

Most routing algorithms can be classified as conforming to one of two basic algorithms:
distance vector or link state.


Figure 4-1.

The distance vector routing approach determines the direction (vector) and distance to
any link in the internetwork.

The link-state (also called shortest path first) approach learns the exact topology of the
entire internetwork (or at least the partition in which the router is situated).

A third approach, the balanced hybrid approach, combines aspects of the link-state and
distance vector algorithms.

The rest of this chapter covers procedures and problems for each of these routing
algorithms and presents techniques for minimizing the problems.

Key Concept: There is no single best routing algorithm for all internetworks. Network
administrators must weigh technical and nontechnical aspects of their network to
determine the best algorithm. Cisco IOS software can configure whatever routing [...]
administrator's internetwork. Distance vector protocols are generally less
computationally intensive than link-state methods, but they typically use hops to
determine the best path, not the speed of the links.

The routing algorithm is fundamental to dynamic routing. Whenever the topology of
a network changes because of growth, reconfiguration, or component failure, the
router’s knowledge base of the network must also change.

Knowledge of the network topology needs to be accurate and consistent from router to
router. This accurate, consistent view is called convergence. When all routers in an
internetwork are operating with the same knowledge, the internetwork is said to have
converged.

[...] internetwork feature because it reduces the period of time that routers have
outdated knowledge for making routing decisions that could be incorrect, wasteful,
or both.

Distance Vector Routing 

Distance vector-based routing algorithms (also known as Bellman-Ford algorithms)
periodically pass copies of a routing table from router to router. Updates between
routers also communicate topology changes immediately when they occur.

Each router receives a routing table from other routers connected to the same network
(its direct neighbors), as shown in Figure 4-14. For example, in the figure, router B
receives information from router A, its router neighbor across the WAN link. Router B
adds a distance vector number (such as a number of hops), increasing the distance vector,
and then passes the routing table to its other neighbor, router C. This step-by-step
process occurs in all directions between direct-neighbor routers.


Figure 4-14

In this way, the algorithm accumulates network distances so it can maintain a database
of internetwork topology information. Distance vector algorithms do not allow a router
to know the exact topology of an internetwork.

Distance vector information is somewhat analogous to the information found on signs
at a highway intersection. A sign points toward a road leading away from the
intersection and indicates the distance to the destination. Further down the highway, another
sign also points toward the destination, but now the distance to the destination is
shorter. So long as each successive point on the path shows that the distance to the
destination is successively shorter, the traffic is following the best path.

Examples of distance vector routing protocols are IPX RIP and IP RIP.


Distance Vector Network Discovery 

router using distance vector routing f 
jyrc 4-1 5, the interface to each directly c 
W4<s as having a distance of 0. 

L ..** * distance vector network discovery f 
15" destination networks ha nn arrn 
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Figure 4-15 
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For example, router A learns about other networks based on information it receives
from router B. Each of the other network entries learned from router B is placed in
router A's routing table and has an accumulated distance vector to show how far away
that learned network is in the given direction.

Distance Vector Topology Changes 

As mentioned earlier, routers communicate topology changes. In this process,
topology change updates proceed step by step from router to router, as shown in
Figure 4-16.
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Distance vector algorithms call for each router to send its entire routing table to each
of its adjacent neighbors. Distance vector routing tables include information about the
total path cost (defined by its metric) and the logical address of the first router on the
path to each network it knows about. In Figure 4-15, the metric of each path is shown
in the third column of the routing tables.

When a router receives an update from a neighboring router, it compares the update to
its own routing table. If it learns about a better route (smaller metric) to a network from
its neighbor, the router updates its own routing table. To calculate the new metric, the 
router adds the cost of reaching the neighbor router to the path cost reported by the 
neighbor. The new metric is entered into the router’s routing table. 

For example, if router B in Figure 4-16 is one unit of cost from router A, router B would 
add 1 to all costs reported by router A when router B runs the distance vector processes 
to update its routing table. 

Typically, a router sends updates by multicasting or broadcasting its table on each
configured port; but other methods, such as sending the table only to preconfigured
neighbors, are employed by some routing algorithms.

Multicast is used by the RIP2, OSPF, and EIGRP routing protocols. RIP and IGRP use 
broadcast. 

Problem: Routing Loops 

Routing loops can occur if the internetwork's slow convergence on a new configuration 
causes inconsistent routing entries. Figure 4-17 uses a simplistic network design to 
show how a routing loop can develop. Later, this chapter looks at how routing loops 
occur and are corrected on more complex network designs. 
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In Figure 4-17, network 10.4.0.0 has failed, initiating a routing loop between routers 
A, B, and C. The following steps describe the process of the loop: 

• Just before the failure of network 10.4.0.0, all routers have consistent 
knowledge and correct routing tables. The network is said to have converged. 
For this example, the cost function is hop count so the cost of each link is 1. 
Router C is directly connected to network 10.4.0.0 with a distance of 0. Router 
A’s path to network 10.4.0.0 is through router B, with a hop count of 2. 

• When network 10.4.0.0 fails, router C detects the failure and stops routing
packets out its E0 interface. However, router A has not yet received notification
of the failure and still believes it can access 10.4.0.0 through router B. Router
A’s routing table reflects a path to network 10.4.0.0 with a distance of 2.

• Because router B’s routing table indicates a path to network 10.4.0.0, router C 
believes it now has a viable path to network 10.4.0.0 through router B. Router 
C updates its routing table to reflect a path to network 10.4.0.0 with a hop 
count of 2. 

• Router A receives the new routing table from router B, detects the modified 
distance vector to network 10.4.0.0, and recalculates its own distance vector to 
10.4.0.0 as 3. 

Because routers A, B, and C conclude that the best path to network 10.4.0.0 is through 
each other, packets destined to network 10.4.0.0 continue to bounce between the three 
routers. 

Symptom: Counting to Infinity 

The invalid updates about network 10.4.0.0 continue to loop, and the hop count
increments each time the update packet passes through another router. This process of
continually incrementing the hop count is called counting to infinity. Without countermeasures
to stop the process, the loop and the process of counting to infinity will continue
indefinitely. IP uses a Time To Live counter to stop “count to infinity” problems. When the
TTL reaches 0, a router discards the packets, thereby preventing the packets from
looping forever.

Solution: Defining a Maximum 

The countermeasure to counting to infinity is that distance vector protocols define
infinity as some maximum number. Such a maximum can be defined for any routing metric,
including hop count. For example, RIP has a maximum hop count of 16.

With this approach, the routing protocol permits the routing loop until the metric
exceeds its maximum allowed value. Once the metric value exceeds the maximum,
network 10.4.0.0 in Figure 4-17 is considered unreachable. The routers will designate it
as unreachable in their routing tables and stop circulating update information
indicating the network is reachable.

By defining a maximum, distance vector routing algorithms are self-correcting in 
response to incorrect routing information, although not immediately so. A loop may 
occur for some finite period of time, until the maximum metric value is exceeded. 

A related concept is the Time To Live (TTL) parameter. The TTL is a packet parameter 
that decreases each time a router processes the packet. When the TTL reaches zero, a 
router discards or drops the packet without forwarding it. A packet caught in a routing 
loop is removed from the internetwork when its TTL expires. 

Solution: Split Horizon 

One way to eliminate routing loops and speed up convergence is through the technique
called split horizon. The logic behind split horizon is that it is never useful to send
information about a route back in the direction from which the information originally came.
In Figure 4-18, for example, router B learns that network 10.4.0.0 is down through the
following steps:

• Router B has access to network 10.4.0.0 through router C. It makes no sense 
for router B to announce to router C that router B has access to network 
10.4.0.0 through router C. 

• Given that router B passed the announcement of its route to network 10.4.0.0 
to router A, it makes no sense for router A to announce its distance from 
network 10.4.0.0 to router B. 

• Having no alternative path to network 10.4.0.0, router B concludes that 
network 10.4.0.0 is inaccessible. 

In its basic form, the split horizon technique simply does not allow update information 
to flow out the same interface it arrived on. 
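
The following Python simulation is an added example, not part of the original text. It replays the failure of network 10.4.0.0 on the A, B, C chain with hop count as the metric and 16 treated as unreachable, once without and once with basic split horizon. The update order (B, then C, then A) and all function names are assumptions made for the example.

```python
INFINITY = 16          # RIP-style maximum: a metric of 16 means "unreachable"
DEST = "10.4.0.0"

# Topology of the loop example: A -- B -- C, with 10.4.0.0 attached to C.
NEIGHBORS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}
# Assumption: B's periodic update fires before C's failure news reaches B.
SEND_ORDER = ["B", "C", "A"]


def converged_tables():
    """Routing state for DEST just before the failure: (metric, next_hop)."""
    return {"A": (2, "B"), "B": (1, "C"), "C": (0, None)}


def receive(table, router, sender, advertised):
    """Apply one distance vector update at `router`. Returns True on change."""
    metric, next_hop = table[router]
    new_metric = min(advertised + 1, INFINITY)   # add the one-hop link cost
    if sender == next_hop:
        # News from the router we already forward through is always believed,
        # even when it is worse. This is what lets the hop count climb.
        table[router] = (new_metric, next_hop)
        return new_metric != metric
    if new_metric < metric:
        table[router] = (new_metric, sender)
        return True
    return False


def simulate(split_horizon, max_cycles=50):
    """Return (last cycle in which any table changed, metric history per cycle)."""
    table = converged_tables()
    table["C"] = (INFINITY, None)    # network 10.4.0.0 fails; C detects it
    history = []
    for cycle in range(1, max_cycles + 1):
        changed = False
        for sender in SEND_ORDER:
            metric, next_hop = table[sender]
            for neighbor in NEIGHBORS[sender]:
                if split_horizon and neighbor == next_hop:
                    continue         # never send a route back where it came from
                changed |= receive(table, neighbor, sender, metric)
        history.append({router: m for router, (m, _) in table.items()})
        if not changed:
            return cycle - 1, history
    raise RuntimeError("tables did not converge")


if __name__ == "__main__":
    for enabled in (False, True):
        cycles, history = simulate(split_horizon=enabled)
        print(f"split horizon={enabled}: stable after {cycles} update cycles")
        for number, metrics in enumerate(history, start=1):
            print(f"  cycle {number}: hops to {DEST} = {metrics}")
```

Without split horizon, router C installs the stale route through B and the metrics climb by two per cycle until they reach 16; with split horizon, C never accepts a route back through B.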

Another form of split horizon, called poison reverse, is discussed next. 

Solution: Poison Reverse 

Poison reverse is a variation of split horizon. Poison reverse attempts to eliminate
routing loops caused by inconsistent updates. With this technique, a router that discovers
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Figure 4-18 
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an inaccessible route sets a table entry that keeps the network state consistent while
other routers gradually converge correctly on the topology change. Used with
hold-down timers, which are described in the next section, route “poisoning” is a solution to
long loops.

For example, when network 10.4.0.0 goes down, as shown in Figure 4-19, router C can 
poison its link to network 10.4.0.0 by recording a table entry for that link as having
infinite cost (that is, being unreachable). By poisoning its route to network 10.4.0.0, 
router C is not susceptible to other incorrect updates about network 10.4.0.0 coming 
from neighboring routers that might claim to have a valid alternate path. 

When an update shows the metric for an existing route to have increased sufficiently, 
there is a loop. The route should be removed (poisoned) and put into holddown.
Currently, the rule is that a route is removed if the composite metric increases more than a
factor of 1.1. It is not safe for just any increase in the composite metric to trigger 
removal of the route, because small metric changes can occur due to changes in channel 
occupancy or reliability. This rule is needed only to break very large loops, because 
small ones will be prevented by split horizon, triggered updates, and holddowns. 


Solution: Hold-Down Timers 

Hold-down timers are used to prevent regular update messages from inappropriately 
reinstating a route that may have gone bad. Holddowns tell routers to hold any changes 
that might affect routes for some period of time. The hold-down period is usually
calculated to be just greater than the period of time necessary to update the entire network
with a routing change.
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Hold-down timers work as follows:


• When a router receives an update from a neighbor indicating that a previously
accessible network is now inaccessible, the router marks the route as inaccessible
and starts a hold-down timer, as shown in Figure 4-19. If at any time before
the hold-down timer expires an update is received from the same neighbor
indicating that the network is again accessible, the router marks the network as
accessible and removes the hold-down timer.

• If an update arrives from a different neighboring router with a better metric
than originally recorded for the network, the router marks the network as
accessible and removes the hold-down timer.

• If at any time before the hold-down timer expires an update is received from a
different neighboring router with a poorer metric, the update is ignored.
Ignoring an update with a poorer metric when a holddown is in effect allows
more time for the knowledge of the change to propagate through the entire
network.
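
The three hold-down rules above can be written as a small state machine. This Python code is an added example, not from the original text; the 180-second hold-down period, the class and function names, the treatment of an equal metric as "not better", and the event list are all assumptions constructed for illustration.

```python
INFINITY = 16      # metric value meaning "unreachable" (RIP-style hop count)
HOLD_DOWN = 180    # seconds; assumed hold-down period for this example


class Route:
    """One routing table entry that follows the hold-down rules in the text."""

    def __init__(self, metric, next_hop):
        self.metric = metric        # metric recorded while the route was good
        self.next_hop = next_hop    # neighbor the route was learned from
        self.accessible = True
        self.hold_until = None      # time at which the hold-down expires

    def in_hold_down(self, now):
        return self.hold_until is not None and now < self.hold_until

    def _install(self, neighbor, metric):
        self.metric, self.next_hop = metric, neighbor
        self.accessible, self.hold_until = True, None

    def update(self, now, neighbor, metric):
        """Process one update; `metric` already includes the cost to `neighbor`."""
        if metric >= INFINITY:
            if neighbor == self.next_hop and self.accessible:
                # Rule 1: previously accessible network reported inaccessible.
                self.accessible = False
                self.hold_until = now + HOLD_DOWN
                return "marked inaccessible, hold-down started"
            return "ignored"
        if self.in_hold_down(now):
            if neighbor == self.next_hop:
                # Rule 1, second half: same neighbor says it is back.
                self._install(neighbor, metric)
                return "restored by same neighbor"
            if metric < self.metric:
                # Rule 2: different neighbor, better than originally recorded.
                self._install(neighbor, metric)
                return "replaced by better route"
            # Rule 3: different neighbor, poorer (or equal) metric.
            return "ignored during hold-down"
        # No hold-down in effect: ordinary distance vector acceptance.
        if not self.accessible or neighbor == self.next_hop or metric < self.metric:
            self._install(neighbor, metric)
            return "installed"
        return "ignored"


def replay(events, metric=2, next_hop="B"):
    """Feed constructed (time, neighbor, metric) updates to a fresh route."""
    route = Route(metric, next_hop)
    actions = [route.update(t, n, m) for t, n, m in events]
    return actions, route


if __name__ == "__main__":
    # Constructed sample: B withdraws the route, D offers a worse then a better path.
    sample = [(10, "B", INFINITY), (20, "D", 4), (30, "D", 1)]
    actions, route = replay(sample)
    for event, action in zip(sample, actions):
        print(event, "->", action)
    print("final:", route.accessible, route.next_hop, route.metric)
```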



Figure 4-19

A router keeps an entry for the network-down state, allowing time for other routers
to recompute for this topology change.

(Figure labels: Network 10.4.0.0 is unreachable; Network 10.4.0.0 is down, then back up, then back down.)

Solution: Triggered Updates 

In the previous examples of routing loops, the loops were caused by erroneous
information calculated as a result of inconsistent updates, slow convergence, and timing of
updates. If routers wait for their regularly scheduled updates before notifying
neighboring routers of network catastrophes, serious problems can occur.

Normally, new routing tables are sent to neighboring routers on a regular basis. For
example, IP RIP updates occur every 30 seconds. IPX RIP updates occur every 60 seconds.
A triggered update is an update that is sent immediately in response to some
change in the routing table. The router that detects a topology change immediately
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sends an update message to adjacent routers that, in turn, generate triggered updates
notifying their adjacent neighbors of the change. This wave of updates will propagate
throughout that portion of the network where routes connect to the faulty link.

In Figure 4-20, for example, router C immediately announces that network 10.4.0.0


Figure 4-20 
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Triggered updates would be sufficient if you could guarantee that the wave of updates
reached every appropriate router immediately. However, there are two problems:

• The update message can be dropped by some link in the network.

• The triggered updates do not happen instantaneously. It is possible that a
router that has not yet received the triggered update will issue a regular update
at just the wrong time, causing the bad route to be reinserted in a neighbor that
had already received the triggered update.

Coupling triggered updates with holddowns is designed to get around these problems.
The hold-down rule says that when a route is removed, no new route to the same
destination will be accepted for a certain period of time. Thus, the triggered update has
time to propagate throughout the network.

Implementing Solutions in Multiple Routes 

The solutions discussed so far work together to prevent routing loops in a
more complex network design. In this scenario, the routers have multiple routes to each
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1. Poison route: As soon as router B detects the failure of network 10.4.0.0,
router B poisons its route to that network by indicating an infinite hop count
to that network.

2. Set hold-down timer: Once router B poisons its route to network 10.4.0.0,
router B then sets its hold-down timer.

3. Send triggered update: Router B also sends a triggered update to routers D
and A, indicating that network 10.4.0.0 is “possibly down.” New route
information propagates through the rest of this network as the series of connected
routers set hold-down timers and trigger updates (steps 2 and 3). Routers D
and A receive the triggered update and set their own hold-down timers to
suppress any route changes for a specific period of time. Routers D and A, in turn,
send a triggered update to router E indicating the possible inaccessibility of
network 10.4.0.0.
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Finally, router E receives the triggered update about the status of network 10.4.0.0 from
routers D and A. Router E then sets its hold-down timer and waits until one of the
following events occurs:

• The hold-down timer expires. In this case, router E knows that network 
10.4.0.0 is definitely unavailable. 

• Another update is received indicating the network status has changed. In this 
case, Router E updates its tables with the new information. 

• Another update is received indicating a new route with a better metric. In this 
case, Router E updates its tables with the new route information. 

During the hold-down period, Router E assumes the network status is unchanged from 
its original state and will attempt to route packets to network 10.4.0.0. 

Link-State Routing 

The second basic algorithm used for routing is the link-state algorithm. 

Link-state routing algorithms—also known as shortest path first (SPF)
algorithms—maintain a complex database of topology information. Whereas the distance
vector algorithm has entries for distant networks and a metric value to reach those
networks but no knowledge of distant routers, a link-state routing algorithm maintains full
knowledge of distant routers and how they interconnect. Examples of link-state routing
protocols are NLSP, OSPF, and IS-IS.

Link-state routing uses link-state packets (LSPs), a topological database, the SPF
algorithm, the resulting SPF tree, and, finally, a routing table of paths and ports to each
network. The following pages cover these processes and databases in more detail.

Link-State Network Discovery 

Link-state network discovery mechanisms are used to create a common picture of the
entire internetwork. All link-state routers share this common view of the internetwork.
This is similar to having several identical maps of a town. In Figure 4-22, four networks
(W, X, Y, and Z) are connected by three link-state routers (A, B, and C).
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Network discovery for link-state routing uses the following processes: 


• Routers learn of their neighbors; that is, other routers that are on directly
connected networks with them. This process is often referred to as neighbor
notification. In link-state routing, each router connected to a network keeps
track of its neighbors.

• Routers transmit LSPs onto the network. The LSPs contain information about
which networks the routers are connected to.

• Next, routers construct their topological databases consisting of all the LSPs
from the internetwork.

• The SPF algorithm computes network reachability, determining the shortest
path from a router to each other network in the link-state protocol
internetwork. The router uses the Dijkstra algorithm to construct this logical topology
of shortest paths as an SPF tree with itself as root. The SPF tree expresses paths
from the router to all destinations.

• The router lists its best paths and the ports to these destination networks in the
routing table.

After the routers dynamically discover the details of their internetwork, they can use the
routing table for switching packet traffic.


Figure 4-22 
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Link-State Topology Changes 

Link-state algorithms rely on routers having a common view of the network. Whenever 
a link-state topology changes, the routers that first become aware of the change send 
information to other routers or to a designated router that all other routers can use for 
updates. This action entails the propagation of common routing information to all
routers in the internetwork. To achieve convergence, each router does the following:

• Keeps track of its neighbors: the neighbor's name, whether the neighbor is up 
or down, and the cost of the link to the neighbor. 

• Constructs an LSP that lists the names and link costs of its neighbor routers. 
This information includes new neighbors, changes in link costs, and links to 
neighbors that have gone down. 

• Sends out this LSP so that all other routers receive it. 

• When it receives an LSP, records the LSP in its database so that it can store the
most recently generated LSP from each other router.

• Using accumulated LSP data to construct a complete map of the internetwork 
topology, it proceeds from this common starting point to rerun the SPF 
algorithm and compute routes to every network destination. 

Each time an LSP causes a change to the link-state database, the link-state algorithm 
recalculates the best paths and updates the routing table. Then every router takes the 
topology change into account as it determines the shortest paths to use for packet 
switching. 

Unlike distance vector algorithms, link-state routing algorithms are immediately
self-correcting. A loop is terminated by a link-state routing algorithm as soon as the
link-state database and routing table are updated.


Link-State Concerns 

No routing protocol is perfect, of course. Network administrators need to keep in mind
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link-state routing protocols in most situations requires that routers use more 
memory and perform more processing. Network administrators must ensure that the
routers they select are capable of providing these resources for routing.

Routers keep track of their neighbors and the networks they reach through other
routing nodes. For link-state routing, memory must hold information from various
link-state advertisements, the topology tree, and the routing table.

The processing complexity of computing the shortest path first is proportional to the 
number of links in the internetwork times the number of routers in the network. 

Another cause for consideration is the bandwidth consumed for initial link-state packet
flooding. During the initial discovery process, all routers using link-state routing
protocols send LSPs to all other routers. This action floods the internetwork as routers make
their peak demand for bandwidth and temporarily reduces the bandwidth available for
routed traffic that carries user data.

After this initial flooding, link-state routing protocols generally require internetwork
bandwidth only to send infrequent or event-triggered LSPs that reflect topology
changes.


Problem: Link-State Updates

The most complex and critical aspect of link-state routing is making sure that all routers
get all the LSPs necessary. Routers with different sets of LSPs will calculate routes based
on different topological data. Then routes become unreachable as a result of the
disagreement among routers about a link. Figure 4-23 provides an example of inconsistent
path information.

Consider the following sequence of events in Figure 4-23: 

• Suppose that network 1 between routers C and D goes down. As discussed
earlier, both routers construct an LSP to reflect this unreachable status.

• Soon afterward, network 1 comes back up; another LSP reflecting this next
topology change is needed.

• If the original “Network 1, Unreachable” update message from router C uses
a slow path, it may arrive at router A after router D’s “Network 1, Back Up
Now” LSP.

• With unsynchronized LSPs, router A faces a dilemma about which SPF tree to
construct: Does it use paths with or without network 1, which was most
recently reported as unreachable?
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(Figure 4-23 label: Network 1, Unreachable)
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If LSP distribution to all routers is not synchronized correctly, link-state routing can 
result in invalid routes. 

Utilizing link-state protocols on very large internetworks can intensify the problem of
faulty LSPs being distributed.

If one part of the internetwork comes up first with other parts coming up
later, such as when a network is in the process of growing, the order for sending
and receiving LSPs will vary. This variation can alter and impair convergence. Routers
might learn about different versions of the topology before they construct their SPF
trees and routing tables.

Also, on a large internetwork, there is more likely to be variation in transmission speed
in different parts of the network. Parts that update more quickly can cause problems
for parts that update more slowly. Eventually a partition can split the internetwork into
a fast updating part and a slow updating part. Then network administrators must
troubleshoot the link-state complexities to restore acceptable connectivity.

A kind of chicken-and-the-egg problem exists for link-state routing
on large internetworks. Specifically, correct delivery of LSPs depends on accurate routing
table entries, but correct routing table entries depend on accurate LSPs. Routers sending
out LSPs cannot assume they will be correctly transported because existing routing
table entries might not reflect the current topology.

With faulty updates, LSPs can multiply as they propagate through the internetwork,
unproductively consuming more and more bandwidth.


Solution: Link-State Mechanisms 


Link-state routing has several techniques for preventing or correcting potential
problems arising from resource requirements and LSP distribution:

• A network administrator can reduce the periodic distribution of LSPs so that 
updates occur only after some long, configurable duration. Reducing the rate 
of periodic updates does not interfere with LSP updates triggered by topology 
changes. 

• LSP updates can go to a multicast group rather than in a flood to all routers. 
On interconnected LANs, you can use one or more designated routers as the 
target depository for LSP transmissions. Other routers can use these designated 
routers as a specialized source of consistent topology data. 

• In large networks, you can set up a hierarchy made up of different areas. A 
router in one area of the hierarchical domain does not need to store and process 
LSPs from other routers not located in its area. 

• For problems of LSP coordination, link-state implementations can allow for
LSP time stamps, sequence numbers, aging schemes, and other related
mechanisms to help avoid inaccurate LSP distribution or uncoordinated updates.
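
The Python code below is an added example, not from the original text. It covers two passages at once: the discovery processes described earlier (LSPs, topological database, Dijkstra SPF tree, routing table) and the sequence-number mechanism in the last bullet, applied to the out-of-order LSP problem of Figure 4-23. The four-router topology, its link costs, the rule that a link is used only when both end routers report it, and the modeling of the stale and fresh LSPs as both originating from router C (sequence numbers are compared per originating router) are assumptions constructed for the example.

```python
import heapq


class LinkStateDatabase:
    """Topological database: the most recent LSP from each originating router."""

    def __init__(self, check_sequence=True):
        self.check_sequence = check_sequence
        self.lsps = {}   # origin -> (sequence number, {neighbor: link cost})

    def receive(self, origin, seq, links):
        """Store an LSP. Returns False if it was discarded as stale."""
        current = self.lsps.get(origin)
        if self.check_sequence and current is not None and seq <= current[0]:
            return False   # not newer than the copy already held: discard
        self.lsps[origin] = (seq, dict(links))
        return True

    def graph(self):
        """Adjacency map that uses only links reported by both end routers."""
        adjacency = {router: {} for router in self.lsps}
        for origin, (_, links) in self.lsps.items():
            for neighbor, cost in links.items():
                reverse = self.lsps.get(neighbor)
                if reverse is not None and origin in reverse[1]:
                    adjacency[origin][neighbor] = cost
        return adjacency


def spf(db, root):
    """Dijkstra's algorithm with `root` as the root of the SPF tree.

    Returns {destination: (total cost, first hop on the shortest path)}.
    """
    adjacency = db.graph()
    done = {}
    heap = [(0, root, "")]   # (cost so far, router, first hop used)
    while heap:
        cost, router, first_hop = heapq.heappop(heap)
        if router in done:
            continue
        done[router] = (cost, first_hop)
        for neighbor, link_cost in adjacency.get(router, {}).items():
            if neighbor not in done:
                heapq.heappush(
                    heap, (cost + link_cost, neighbor, first_hop or neighbor))
    del done[root]
    return done


def run_scenario(check_sequence):
    """Router A's view when C's LSPs about network 1 arrive out of order."""
    db = LinkStateDatabase(check_sequence)
    # Constructed topology: A-B, B-C, C-D (network 1), plus a costly A-D link.
    db.receive("A", 1, {"B": 1, "D": 5})
    db.receive("B", 1, {"A": 1, "C": 1})
    db.receive("C", 4, {"B": 1, "D": 1})
    db.receive("D", 1, {"A": 5, "C": 1})
    unreachable = ("C", 5, {"B": 1})          # "Network 1, Unreachable"
    back_up = ("C", 6, {"B": 1, "D": 1})      # "Network 1, Back Up Now"
    db.receive(*back_up)       # the newer LSP arrives first on a fast path
    db.receive(*unreachable)   # the older LSP arrives late on a slow path
    return spf(db, "A")


if __name__ == "__main__":
    print("with sequence check:   ", run_scenario(True))
    print("without sequence check:", run_scenario(False))
```

With the sequence check, router A keeps the newer LSP and reaches D through B at cost 3; without it, the late stale LSP overwrites the fresh one and A falls back to the cost-5 direct link.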

Comparing Distance Vector Routing to Link-State Routing 

You can compare distance-vector routing to link-state routing in several key areas, as 
listed in Table 4-2. 


Distance Vector                                                Link-State
Views net topology from neighbor’s perspective                 Gets common view of entire network topology
Increments metrics as an update passes from router to router   Calculates the shortest path to other routers
Frequent, periodic updates: slow convergence                   Event-triggered updates: faster convergence
Passes copies of routing table to neighbor routers             Passes link-state routing updates to other routers

Table 4-2

Comparing distance vector and link state operational qualities.
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The key differences can be summarized as follows:

• Distance vector routing gets all topological data from the perspective it receives
from processing the routing table information of its neighbors. Link-state
routing obtains a wide view of the entire internetwork topology by
accumulating all necessary LSPs.

• Distance vector routing determines the best path by adding to the metric value
of each route for each router that must be crossed to get to a network as tables
are exchanged from router to router. The larger the metric, the farther away a
network is, the less suitable the path is. For link-state routing, each router
works simultaneously to calculate its own shortest path to destinations.

• With most distance vector routing protocols, updates for topology changes
come in periodic table updates. The entire tables pass incrementally from
router to router, usually resulting in slower convergence than in link-state
routing. With link-state routing protocols, updates are usually triggered by
topology changes. Relatively small LSPs passed to all other routers, or a
multicast group of routers, usually result in faster convergence.

Designing your network’s routing characteristics to meet technical goals—that is, to use
the quickest, shortest, cheapest, or most reliable path—is not always your only goal as
a network administrator. Business concerns can also influence routing policy.
Conformance with the policies, priorities, and partnerships of an organization impacts routing
choices. For example, one routing selection might be considered more desirable because
it uses the facilities of a partner or avoids the facilities of a competitor. Multivendor
support or standards conformity might outweigh technical superiority.

Operational issues such as the concern for network simplicity are also important. For
the chosen routing protocol to properly fit some organizations, it must be easy to set up
and manage. It must handle several routed protocols without requiring multiple
inconsistent and complex configuration templates.

Finally, avoiding the risk of unproven technologies can also be a factor in designing
routing policies and in sustaining a network administrator’s career.

Hybrid Routing 

This chapter so far has presented the two major types of routing protocols: distance
vector and link state.

An emerging third type of routing protocol combines aspects of both. This third type
is called balanced hybrid.
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The balanced hybrid routing protocol uses distance vectors with more accurate metrics
to determine the best paths to destination networks. However, it differs from most
distance vector protocols by using topology changes to trigger routing database updates.

The balanced hybrid routing type converges relatively quickly, like the link-state
protocols. However, it differs from these protocols by emphasizing economy in the use of
required resources such as bandwidth, memory, and processor overhead.

Examples of balanced hybrid protocols are OSI’s Intermediate System-to-Intermediate
System (IS-IS) routing and Cisco’s Enhanced Interior Gateway Routing Protocol
(Enhanced IGRP).


Basic Routing Processes 

Regardless of whether a network uses distance vector or link-state routing mechanisms, 
its routers must perform the same basic routing functions. The network layer must 
relate to and interface with various lower layers. Routers must be capable of seamlessly 
handling packets encapsulated into different lower-level frames without changing the 
packets’ Layer 3 addressing. 


LAN-to-LAN Routing 

Figure 4-24 shows an example of network layer interfacing in LAN-to-LAN routing. 
In this example, packet traffic from source host 4 on Ethernet network 1.0 needs a path
to destination host 5 on network 2.0. The LAN hosts depend on the router and its
consistent network addressing to find the best path.


Figure 4-24

The router uses the destination network address contained in the packet to
look up a route.
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When the router checks its router table entries, it discovers that the best path to
destination network 2.0 uses outgoing port To0, the interface to a Token Ring LAN.

Although the lower-layer framing must change as the router switches packet traffic 
from the Ethernet on network 1.0 to the Token Ring on network 2.0, the Layer 3 
addressing for source and destination remains the same. In Figure 4-24, the destination 
address remains network 2.0, host 5 despite the different lower-layer encapsulations. 

LAN-to-WAN Routing 

As an internetwork grows, the path taken by a packet might encounter several relay 
points and a variety of data-link types beyond the LANs. For example, in Figure 4-25, 
a packet from the top workstation at address 1.3 must traverse three data links to reach 
the file server at address 2.4 shown on the bottom. 


Figure 4-25

Routers maintain the end-to-end address information as they forward the packet.

(Figure labels: Work Station 1.3; From LAN; To WAN; To LAN; Server 2.4)
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The routed communications follow these basic steps:

1. The workstation sends a packet to the file server by encapsulating the packet
in a Token Ring frame addressed to router A at the data link layer and the file
server at the network layer.

2. When router A receives the frame, it removes the packet from the Token Ring
frame, encapsulates it in a Frame Relay frame, and forwards the frame to
router B.

3. Router B removes the packet from the Frame Relay frame and forwards the
packet to the file server in a newly created Ethernet frame.

4. When the file server at 2.4 receives the Ethernet frame, it extracts and passes
the packet to the appropriate upper-layer process.

The routers enable LAN-to-WAN packet flow by keeping the network layer source and
destination addresses constant while encapsulating the packet at the interface to a data
link that is appropriate for the next hop along the path.


Summary 

Routers are devices that implement network layer services, including path determina¬ 
tion and switching. Typically, routers are required to support multiple protocol stacks, 
each with their own routing protocols, and to allow these different environments to 
operate in parallel. 

This chapter concludes the overview of background concepts, especially the OSI
reference model, that you need to understand before configuring routers. The rest of this
book focuses on operations and techniques for configuring Cisco routers to operate a 
variety of protocols and media types. In particular, the next chapter covers the steps 
required to boot up a Cisco router, and to enter and use the various operating modes. 
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Chapter Four Test 

Network Layer and Path Determination 


Estimated Time: IS minutes 

Complete all the exercises to test your knowledge of the materials contained in this 
chapter. Answers are listed in Appendix A, “Chapter Test Answer Key. 

Question 4.1 

T F Link-state routers build a common view of internetwork topology. 

Question 4.2 

T F Link-state routing uses periodic updates, resulting in relatively slow convergence. 

Question 4.3 

T F Distance vector routing develops a view from neighbor routers' perspectives. 

Question 4.4 

T F Distance vector routing passes an updated routing table from neighbor to 
neighbor. 

Question 4.5 

T F In link-state routing, events trigger updates for relatively fast convergence. 

Question 4.6 

T F Distance vector routers process updates in parallel with other routers. 

Question 4.7

TCP/IP routers forward packets based on the contents of the packet’s header.

Question 4.8

On a 10BaseT network, the frame is placed directly in front of the network layer header.


Destination 10.4.0.6 
Source 00.00. OB. A4.26.39 
Destination port 20 
Basic Router Operations

This chapter discusses basic startup procedures, the various command modes, and status
commands of a router. You will develop a model of the router based on components
that are configurable, and then build on this model to understand how configuration
commands work.

The screens in this section reflect Cisco IOS Release 11.2(6). If you are running a
different version, your screens may vary from those shown.

Starting Up a Router

This section covers the router components that play a key role in the configuration
process. It also examines the router startup routines. Knowing which components are
involved in the configuration process gives you a better understanding of how the router
stores and uses your configuration commands. Being aware of the steps that take place
during router initialization will help you determine what and where problems may
occur when you start up your router.
External Configuration Sources

The router can be configured from many locations (see Figure 5-1), including

• Console Port—Upon initial installation, you configure the router from a
console terminal, which is connected to the router via the console port.

• Auxiliary Port—You can also configure a router using the auxiliary port.

• Virtual Terminals—You can configure a router from virtual terminals 0
through 4 after the router is installed on the network. Note that you can access
a VTY typically via Telnet.

• TFTP Server—You ... TFTP server and then download them to the router.

• Network Management Station—You can manage router ... remote system running
network management software such as CiscoWorks, HP OpenView, ...

Figure 5-1: Router configuration information can ... many sources.

To send and receive configuration information to and from ... server, or network
management station, the router must be configured ... traffic.

Cisco routers can be accessed for configuration purposes from the console port, the
auxiliary port, and five VTY lines at the same time; up to seven people can configure
the router at once.

Because of this, security of the router should be strictly observed through password
protection to avoid unauthorized access of the router configuration files.


Internal Configuration Components 

The internal architecture of the Cisco router supports components that play an important
role in the startup process, as shown in Figure 5-2. These components are RAM/DRAM,
NVRAM, Flash memory, ROM, interfaces, and ports.

RAM/DRAM

RAM/DRAM (Random Access Memory/Dynamic Random Access Memory) is the
main storage component for the router. RAM is also called working storage and contains
the dynamic configuration information.

NVRAM

NVRAM (nonvolatile RAM) contains a backup copy of your configuration. If the
power is lost or the router is turned off for a period of time, the backup copy of the
configuration enables the router to return to operation without needing to be reconfigured.

Flash Memory

Flash memory is a special kind of erasable, programmable read-only memory. This
memory contains a copy of Cisco Internetwork Operating System (Cisco IOS) software.
Flash memory has a structure that enables it to store multiple copies of the Cisco IOS
software, allowing you to load a new level of the operating system in every router in
your network and then, at some convenient time, to upgrade the whole network to that
new level. Flash memory content is retained when you power down or restart.


Figure 5-2: The internal configuration components consist of several elements.

ROM contains an initializing bootstrap program and a small monitoring system that
can be used for recovery from a catastrophe. The Cisco 2500, 4000, and 4500 router
series have a subset of the Cisco IOS software in ROM. The Cisco 7000 and 7500
router series have full Cisco IOS software in ROM. You can upgrade the ROM software
by replacing pluggable chips on the CPU.


Interfaces 

Interfaces are the network connections through which packets enter and exit the router. 

Depending on your specific router, the interfaces supported are Ethernet, Token Ring,
serial, BRI, ATM, FDDI, and Channel Interface Processor (CIP) for SNA support. Some
Cisco routers also support BRI, ATM, FDDI, Channel Interface Processor for SNA,
HSSI, FEIP, and MIP interfaces.

Auxiliary Ports 

Cisco IOS software also allows the auxiliary port to be used for asynchronous routing 
as a network interface. 


System Startup Overview 

The startup routines for Cisco IOS software have the goal of starting router operations.
Cisco routers are designed to deliver reliable service for the connecting user networks.
To succeed, the startup routines must perform three tasks:

1. Check hardware and conduct a power-on self-test (POST).

2. Find and load the Cisco IOS software image. The image is the data the router
uses for its operating system.

3. Find and apply the router configuration information. This information includes
statements about router-specific attributes, protocol functions, and interface
addresses.

First the router makes sure that it comes up with tested hardware. During the POST
process, the router executes diagnostics from ROM on all modules. These diagnostics
verify the basic operation of the CPU, memory, and interface circuitry.

After verifying the hardware functions, the router proceeds with software initialization.
Some startup routines act as fallback operations that are able to perform the route...

... where to find the Cisco IOS software. If your router does not find ...
or if you interrupt the boot sequence, the system enters ROM ...
ROM monitor mode, you can also boot the device or perform di...
configure the router to automatically initiate ROM monitor mode ...
starts up.

You can also configure the router to boot ...
in NVRAM for user-defined instructions ...

[Startup flowchart: Is there a configuration file? Where should it be loaded from?
Enter Setup Mode.]

The router can start up from ROM, NVRAM, Flash, or TFTP server. After the router
has completed the initialization process, it begins operations. At this point, you can
build new configuration parameters or alter an existing one. In either case, you access
the router through the user interface commands.


Accessing the User Interface 

This section covers how to manipulate the Cisco IOS software from a router console.
The router console can be a workstation running a terminal emulation package, such
as Hyperterm, or a remote device running Telnet. Both methods give you access to the
Cisco IOS software user interface to log in, log out, and enter commands for the router.

This section also covers accessing context-sensitive help, using editing commands, and 
reviewing command history. 

Router Modes 

The Cisco IOS user interface provides access to command modes, as shown in
Figure 5-4.

Figure 5-4: Cisco IOS supports seven command modes.

• User EXEC Mode: Limited examination of router. Remote access.

• Privileged EXEC Mode: Detailed examination of router. Debugging and testing. File
manipulation. Remote access. Prompt: Router#

• ROM Monitor Mode: Used if the operating system does not exist in Flash or the boot
sequence was interrupted during startup. Prompt: > or rommon >

• Setup Mode: Prompted dialog used to establish an initial configuration.

• RXBoot Mode: Boot helper software which helps the router boot when it cannot find a
valid Cisco IOS image in Flash memory. Prompt: Router<boot>

• Global Configuration Mode: Commands that affect the system as a whole.
Prompt: Router(config)#

• Other Configuration Modes: Complex and multiline configurations.
Prompt: Router(config-mode)#

Enter a question mark (?) at the system prompt to obtain a list of commands available for
each command mode.


User EXEC Mode 

Cisco IOS software provides a command interpreter called EXEC, which interprets the 
commands you type and carries out the corresponding operations. 

EXEC has two levels of access to commands: user mode and privileged mode. 

After you log in to the router, you are automatically in user EXEC command mode. In
general, the user EXEC mode contains nondestructive commands that allow you to
connect to remote devices, change terminal settings on a temporary basis, perform basic
tests, and list system information. User EXEC mode is indicated by the device host name
followed by the angle bracket (>).


Privileged EXEC Mode 

The privileged EXEC mode commands set operating parameters. The privileged commands
include those commands contained in user EXEC mode, as well as the configure
command through which you can access the remaining command modes. Privileged
EXEC mode also includes high-level testing commands, such as debug. To enter privileged
EXEC mode, enter enable at the user EXEC prompt. The privileged EXEC mode
prompt consists of the device host name followed by the pound sign (#).

Privileged EXEC mode contains potentially destructive commands and should be password
protected.

From the privileged level, you can access a number of specific configuration modes. 


ROM Monitor Mode

ROM monitor mode is a command-line interface (CLI) that allows you to configure
your router. ROM monitor mode occurs if your router does not find a valid system
image, or if you interrupt the boot sequence during startup. The ROM Monitor prompt
is the angle bracket (>). On the Cisco 1003, 1600, 2600, 3600, 4500, 7200, and 7500 ...
The continue comm...

From the Cisco 2000, 2500, 3000, and 4000 series routers, you can also enter ROM
monitor mode by entering the reload command and then pressing the Break key during
the first 60 seconds of startup.

Setup Mode

This mode is an interactive prompt ... new user create a first-time basic configuration
... entering setup at ... privileged EXEC prompt. Setup ..., and does not ...
followed ...

Global Configuration Mode

Global configuration commands apply to ... initiate global configuration mode by
entering the c... EXEC mode prompt. Global configuration mode i... (config) followed
by the pound sign (#). To exit to ... end, or press Ctrl-Z at the prompt.

From global configuration mode, you can access a number of other command m...
Other Configuration Modes

These modes provide more specific multiple-line configurations that target individual
interfaces or functionality, such as modifying the operation of an interface, configuring
multiple virtual interfaces (called subinterfaces) on a single physical interface, or setting
an IP routing protocol.

There are more than 17 different specific configuration modes. To learn more about
them, refer to www.cisco.com.

Logging In to the Router 

When you first log in to the router, you will automatically be in user EXEC mode. To
exit user EXEC mode, type logout at the prompt.

The EXEC command interpreter waits for a specified interval of time for you to start
input. If no input is detected, the EXEC resumes the current connection, and you log in
to the router again. The default interval the router waits for input is 10 minutes; an
interval of 0 (zero) specifies the router will not time out. The no exec-timeout command
removes the timeout definition and is the same as entering the exec-timeout 0 command.
This command is entered in the line configuration mode, which is discussed later in this
book.

Enter privileged EXEC mode by entering enable at the user EXEC mode prompt, as
shown in Figure 5-5. If privileged EXEC mode has been password protected, you will
be prompted to enter the password. Exit privileged EXEC mode by entering the disable
or exit commands.

To log out of the router, type exit or logout.


Using Passwords 

Cisco IOS software supports a variety of security features for controlling access to your
routers. The most basic form of security is to control who can log in to your router. This
access can be controlled by one or more of the following:

• A line access password

• A privileged EXEC mode password

• Encrypted passwords
Figure 5-5: You must type enable to enter privileged EXEC mode after you log in to
the router.

Router con0 is now available

Press RETURN to get started.

Router>                (user mode prompt)
Router>enable
Password:
Router#                (privileged mode prompt)
Router#exit
Router>
Router>logout


Passwords are set during initial configuration in setup mode or by ...
password command. If an enable password has not been set, ena...
accessed only from the router console.

Individual Line Passwords

... access to the router by password protecting individual lines. This level
... the users to verify authorization before they can access any line ...
console.

Privileged EXEC Mode Password

You can also control access to privileged EXEC mode by assigning a password to this
mode during the initial setup of the router.

Encrypted Passwords

Cisco provides a feature that allows you to encrypt passwords, ...
passwords are stored in the router in an encoded form and are ...
play the router configuration parameters. This encryption is en...
password-encryption command.
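An added example, not taken from the book: a short Python audit that checks a saved configuration for the controls this section lists (a password on every access line, a privileged EXEC mode password, password encryption) plus the EXEC idle timeout described under "Logging In to the Router". The two sample configurations, the passwords in them, and all function names are constructed for illustration; `enable secret`, `login local`, and `service password-encryption` are real IOS commands that the book has not spelled out at this point.

```python
import re

# Constructed sample: console protected, auxiliary port open, VTYs never time out.
SAMPLE_CONFIG = """\
hostname Router
!
enable password san-fran
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
 exec-timeout 0
!
end
"""

# Constructed sample with every control from this section applied.
HARDENED_CONFIG = """\
service password-encryption
hostname Router
!
enable password san-fran
!
line con 0
 exec-timeout 10
 password cisco
 login
line aux 0
 password cisco
 login
line vty 0 4
 password cisco
 login
!
end
"""

LINE_HEADER = re.compile(r"^line\s+(con|aux|vty)\s+(\d+)(?:\s+(\d+))?\s*$")
# "no exec-timeout", "exec-timeout 0" and "exec-timeout 0 0" all disable the timer.
NO_TIMEOUT = re.compile(r"^(no\s+exec-timeout|exec-timeout\s+0(\s+0)?)$")


def parse_lines(config):
    """Map each 'line ...' header to (number of lines covered, subcommands)."""
    blocks, current = {}, None
    for raw in config.splitlines():
        header = LINE_HEADER.match(raw)
        if header:
            first = int(header.group(2))
            last = int(header.group(3)) if header.group(3) else first
            current = " ".join(raw.split())
            blocks[current] = (last - first + 1, [])
        elif current and raw[:1].isspace() and raw.strip():
            blocks[current][1].append(" ".join(raw.split()))
        else:
            current = None  # "!", a blank line, or the next top-level command
    return blocks


def session_count(blocks):
    """How many people can be logged in at once (console + aux + VTYs)."""
    return sum(count for count, _ in blocks.values())


def audit(config):
    """Return (scope, finding) pairs for missing access controls."""
    findings = []
    for name, (_, cmds) in parse_lines(config).items():
        has_password = any(c.startswith("password ") for c in cmds)
        line_login = "login" in cmds            # checks the line password
        other_login = any(c.startswith("login ") for c in cmds)  # e.g. login local
        if not (other_login or (line_login and has_password)):
            findings.append((name, "not password protected"))
        if any(NO_TIMEOUT.match(c) for c in cmds):
            findings.append((name, "idle EXEC sessions never time out"))
    top = [" ".join(l.split()) for l in config.splitlines()
           if l and not l[0].isspace()]
    if not any(l.startswith(("enable password ", "enable secret ")) for l in top):
        findings.append(("global", "no privileged EXEC mode password"))
    if "service password-encryption" not in top:
        findings.append(("global", "passwords are stored unencrypted"))
    return findings


if __name__ == "__main__":
    print("simultaneous sessions:", session_count(parse_lines(SAMPLE_CONFIG)))
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

The session count for the sample is the seven access paths mentioned under "External Configuration Sources": one console, one auxiliary port, and five VTY lines.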
Using a Password

You can configure your router to have a user password check, as shown in Figure 5-6.
The password you enter does not appear onscreen. If you do not enter anything, the
login process will time out after a while.

You get three tries to enter the correct password. The router will let you know if the
password you entered is incorrect. Press Return to acknowledge the message and start
over from the idle console.

Router con0 is now available

Press RETURN to get started.

User Access Verification
Password:
Router>
Router>enable
Password:

Figure 5-6: Password adding is set during initial configuration or by using the enable
password command.


User Mode Command List 

Once you are in user EXEC mode, you can display all the available commands by typing
a question mark (?) at the user EXEC mode prompt, as shown in Figure 5-7.

The screen displays 22 lines at one time. The --More-- prompt at the bottom of the
display indicates that multiple screens are available as output. You can resume output
to the next available screen by pressing the spacebar. To display the next line, press the
Return key (or, on some keyboards, the Enter key). Press any other key to return to the
user EXEC prompt.
Figure 5-7: Type a question mark (?) to display available commands.

Router>?
Exec commands:
  access-enable    Create a temporary Access-List entry
  atmsig           Execute Atm Signalling Commands
  cd               Change current device
  clear            Reset functions
  connect          Open a terminal connection
  dir              List files on given device
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lat              Open a lat connection
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  mrinfo           Request neighbor and version information
                   from a multicast router


Privileged Mode Command List

As in the user EXEC mode, you display the available commands for the privileged
EXEC mode by typing a question mark (?) at the privileged prompt, as shown in Figure
5-8. Notice that doing so displays a much larger list of EXEC commands.


Figure 5-8: Typing a question mark lists available commands in privileged EXEC mode.

Router#?
Exec commands:
  access-enable    Create a temporary Access-List entry
  access-template  Create a temporary Access-List entry
  bfe              For manual emergency modes setting
  clear            Reset functions
  clock            Manage the system clock
  configure        Enter configuration mode
  connect          Open a terminal connection
  copy             Copy configuration or image data
  debug            Debugging functions (see also 'undebug')
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  erase            Erase flash or configuration memory
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lat              Open a lat connection
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  mbranch          Trace multicast route down tree branch
 --More--
Context-Sensitive Help

If you know a command but are not sure of the complete command syntax, Cisco IOS
software supports context-sensitive help. This feature allows you to get a list of any
keywords and arguments associated with a specific command. Both the user and privileged
EXEC modes support context-sensitive help.

You can abbreviate commands and keywords to the number of characters that allow a
unique abbreviation. For example, you can abbreviate the clock command to clo.

When using context-sensitive help, the space (or lack of a space) before the question
mark (?) is significant. To obtain a list of commands that begin with a particular character
sequence, type those characters followed immediately by the question mark (?).
Do not include a space. This form of help is called word help, because it completes a
word for you.

To list keywords or arguments, enter a question mark (?) in place of a keyword or argument.
Include a space before the question mark. This form of help is called command
syntax help, because it reminds you which keywords or arguments are applicable based
on the command, keywords, and arguments you already have entered.

Using Enhanced Editing Commands 

The user interface includes an enhanced editing mode that provides a set of editing key
functions. This feature allows you to alter or correct long or complex commands without
having to retype them.

Although enhanced editing mode is automatically enabled with the current software
release, you can disable it and revert to the editing mode of previous software releases.
To disable editing mode, enter the terminal no editing command at the user EXEC mode
prompt.

You might also want to disable enhanced editing if you have written scripts that do not
interact well when enhanced editing is enabled.

The editing command set provides a horizontal scrolling feature for commands that
extend beyond a single line on the screen. When the cursor reaches the right margin, the
command line shifts 10 spaces to the left. You cannot see the first 10 characters of the
line, but you can scroll back and check the syntax at the beginning of the command.
The following key combinations help automate scrolling of long lines as described:

• <Ctrl><A>  Move to the beginning of the command line

• <Ctrl><E>  Move to the end of the command line

• <Esc><B>  Move to the beginning of the previous

• <Ctrl><F>  Move forward one character

• <Ctrl><B>  Move back one character

• <Esc><F>  Move forward one word

... press Ctrl-B or the Left arrow key repeatedly until you are at the beginning
of the command entry, or press Ctrl-A to return directly to the beginning of the ...
Figure 5-9, the command entry extends beyond ...

Figure 5-9: The editing command scrolls the line horizontally if the line is too long.

Router> $ value for customers, employees, and partners.


Reviewing Command History 

With the command history feature, you can complete the following tasks:

• Set the command history buffer size.

• Recall commands.

• Disable the command history feature.

To view the current history settings, type show history at the privileged EXEC prompt,
as shown in Figure 5-10.

... command history is enabled, and ...
its history buffer. To change the number of command lines the system ...
terminal ..., use the terminal ...
Router# show history
  show history
  enable
  terminal history size 10
  terminal no editing
  terminal editing

Figure 5-10: Show history displays a record of recent commands.


The following key combinations automate moving through the command history as 
described: 

• <Ctrl><P> or Up arrow  Last (previous) command recall

• <Ctrl><N> or Down arrow  More recent command recall

• <Tab>  Entry completion

To recall commands in the history buffer beginning with the most recent command, 
press Ctrl-P or the Up arrow key. Repeat the key sequence to recall successively older 
commands. 

To return to more recent commands in the history buffer after recalling commands, 
press Ctrl-N or the Down arrow key. Repeat the key sequence to recall successively 
more recent commands. 

After you enter the unique characters for a command, press the Tab key, and the
interface will finish the entry for you.

On most laptop computers, you may also have additional select and copy facilities 
available. Copy a previous command string, and then paste or insert it as your current 
command entry and press Return. 

Examining Router Status 

This section covers basic commands that you can issue to determine the current status 
of a router. These commands will help you obtain vital information you need when 
monitoring and troubleshooting router operations. 

It is important to be able to monitor the health and state of your router at any given
time. Cisco routers have a series of commands that allow you to determine if the router
is functioning correctly or where problems have occurred, as shown in Figure 5-11.

Figure 5-11: Many commands are available to monitor router configuration.



Router status commands are as follows: 

• show version—Displays the configuration of the system hardware, the software
version, the names and sources of configuration files, and the boot images.

• show processes—Displays information about the active processes.

• show protocols—Displays the configured protocols. This command shows the
status of any configured Layer 3 (network) protocol.

• show memory—Shows statistics about the router’s memory, including memory
free pool statistics.

• show ip route—Displays the entries in the routing table.

• show flash—Shows information about the Flash memory device.

• show running-config (write term on Cisco IOS Release 10.2 or earlier)—
Displays the active configuration parameters.

• show startup-config (show config on Cisco IOS Release 10.2 or earlier)—
Displays the backup configuration file.

• show interfaces—Displays statistics for all interfaces configured on the router.

The following sections examine several of these commands in more detail.

If several routers are exhibiting the same behavioral problems, use the show version
command. Perhaps all problem routers obtained the same image file from the same TFTP
server, which could indicate that the image file on the TFTP server is corrupted.

show version Command 

The show version command displays information about the Cisco IOS software version
running on the router, as shown in Figure 5-12.

Router#show version
IOS (tm) 2500 Software (C2500-JS-L), Version 11.2(6), RELEASE SOFTWARE (fc1)
Copyright (C) 1986-1997 by cisco Systems, Inc.
Compiled Tue 06-MAY-97 16:17 by Kuong
Image text-base: 0x0303ED8C, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
ROM: 2500-XBOOT Bootstrap Software, Version 10.1(1), RELEASE SOFTWARE (fc1)

router uptime is 1 week, 3 days, 32 minutes
System restarted by reload
System image file is "c2500-js-l", booted via tftp from 171.69.1.129

Figure 5-12: Results of the show version command.

This information is important to know when you are upgrading the software on your
routers or when you are troubleshooting a problem with Cisco support personnel.

Notice that this command not only shows you the version of the router software, but
also gives you statistics on how long the system has been up, the name of the system
image file, and where the system image file originated. Each time the version of the Cisco
IOS software is revised or updated, a revision number is applied to the version. This
revision number appears in parentheses directly following the version number. In this
example, the version of the Cisco IOS software is 11.2, and the revision number is (6).
show startup-config Command and show running-config Command

The show startup-config and show running-config commands (shown in Figure 5-13)
are among the most used Cisco IOS software EXEC commands.

Figure 5-13: The show startup-config and show running-config are some of the most
useful EXEC commands.



The show startup-config command allows an administrator to see the image size and
startup configuration commands the router will use on the next restart. This backup file
is loaded into memory when the router is initialized and contains all the information
you specified about the router interfaces. You will know that you are looking at the
startup configuration file when you see a message indicating how much nonvolatile
memory has been used.

The show running-config command displays the configuration information running in
... know that you are looking at the running configuration
when you see the words “Current Configuration” on the screen. You can make changes
to the running configuration information; however, those changes will be lost when the
router powers down. To record any configuration changes you make to the running
configuration, you must copy those changes to the startup configuration file stored in
NVRAM. To copy those changes to the startup configuration file, use the copy
running-config startup-config command.

In Cisco IOS Release 10.2 and earlier, the command write terminal shows the running
configuration, and the command show config shows the startup configuration.

show interfaces Command 

The show interfaces command displays configurable parameters and real-time ...
related to the interfaces on the router. This command is very useful in determining ...
activity and behavior of a specific interface or in verifying any changes you m...
router interfaces.

A few of the statistics you can obtain from the show interfaces command are:

• State of the interface

• Maximum transmission units for the interface

• Internet address for the interface

• MAC address for the LAN card (for example, Ethernet, Token Ring, or FDDI
interface)

• Encapsulation type

• Number of packets received

• Number of input and output packet errors

• Number of collisions detected (on an Ethernet interface)

This command is extremely useful in helping you determine the health and operational
history of a router.

Examine Figure 5-14. The top line of the output tells you that the line is up. A few lines
down, the output provides the Internet address and below that some link metrics: BW
is bandwidth; DLY is delay. On the next line down is HDLC, the default encapsulation
protocol for serial lines on Cisco routers.


Router#show interfaces
Serial0 is up, line protocol is up
  Hardware is MK5025
  Internet address is 183.8.64.129, subnet mask is 255.255.255.128
  MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec, rely 255/255, load 9/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input 0:00:00, output 0:00:01, output hang never
  Last clearing of "show interface" counters never
  Output queue 0/40, 0 drops, input queue 0/75, 0 drops
  Five minute input rate 1000 bits/sec, 0 packets/sec
  Five minute output rate 2000 bits/sec, 0 no buffer
  331885 packets input, 62400237 bytes, 0 no buffer
  Received 230457 broadcasts, 0 runts, 0 giants
  3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  403591 packets output, 66717279 bytes, 0 underruns
  0 output errors, 0 collisions, 8 interface resets, 0 restarts
  45 carrier transitions

Figure 5-14: The show interfaces command.

A runt is a packet that is too small to be legal, and a giant is a packet that is too big.
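An added example, not taken from the book: a Python parser for show interfaces output that pulls out the state, the rely and load fractions, and the error counters discussed above, then flags interfaces that need attention. The Serial0 text reuses the values from Figure 5-14; the Serial1 entry, the 0.1% error threshold, and the function names are constructed for illustration.

```python
import re

# Serial0 uses the values from Figure 5-14; Serial1 is constructed.
SAMPLE_OUTPUT = """\
Serial0 is up, line protocol is up
  Hardware is MK5025
  Internet address is 183.8.64.129, subnet mask is 255.255.255.128
  MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec, rely 255/255, load 9/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  331885 packets input, 62400237 bytes, 0 no buffer
  Received 230457 broadcasts, 0 runts, 0 giants
  3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  403591 packets output, 66717279 bytes, 0 underruns
  0 output errors, 0 collisions, 8 interface resets, 0 restarts
  45 carrier transitions
Serial1 is administratively down, line protocol is down
  Hardware is MK5025
"""

STATUS = re.compile(r"^(\S+) is (.+?), line protocol is (\S+)\s*$")
COUNTER = re.compile(
    r"(\d+) (packets input|input errors|CRC|runts|giants|packets output|"
    r"output errors|collisions|interface resets|carrier transitions)"
)
FRACTION = re.compile(r"(rely|load) (\d+)/255")


def parse_show_interfaces(text):
    """Return {interface name: {field: value}} for each interface in the output."""
    interfaces, current = {}, None
    for line in text.splitlines():
        status = STATUS.match(line)
        if status:  # an unindented status line starts a new interface
            current = {"state": status.group(2), "protocol": status.group(3)}
            interfaces[status.group(1)] = current
        elif current is not None:
            for value, name in COUNTER.findall(line):
                current[name] = int(value)
            for name, value in FRACTION.findall(line):
                current[name] = int(value) / 255  # both are fractions of 255
    return interfaces


def health_notes(iface):
    """List the conditions worth a closer look for one parsed interface."""
    notes = []
    if iface["state"] != "up" or iface["protocol"] != "up":
        notes.append("interface or line protocol is not up")
    packets = iface.get("packets input", 0)
    if packets and iface.get("input errors", 0) / packets > 0.001:
        notes.append("input error rate above 0.1%")
    if iface.get("rely", 1.0) < 1.0:
        notes.append("reliability below 255/255")
    return notes


if __name__ == "__main__":
    for name, iface in parse_show_interfaces(SAMPLE_OUTPUT).items():
        print(name, health_notes(iface) or "no notes")
```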
show protocols Command

Figure 5-15: The show protocols command displays the status of Layer 3 protocols.

The Cisco router often divides configuration file information into global configuration
and interface configuration. The global section tells you what traffic this router is capa...
... section ... detailed configuration information, such as protocol addresses.

Summary 

... in the abstract how a Cisco router is initiated with startup routines. The next
chapter ... on this topic from a hands-on viewpoint, ... how to load files, name a
router, set passwords, and configure ... The commands introduced in this chapter to
examine the router configuration will be applied in the next chapter to the task of
verifying implementations.
Chapter Five Test

Basic Router Operations

Estimated Time: 15 minutes

Complete all the exercises to test your knowledge of the materials contained in this
chapter. Answers are listed in Appendix A, “Chapter Test Answer Key.”

Question 5.1

In the blank boxes, write the correct command to access each router element ...
5-16.

Question 5.2

How can you use the context-sensitive help to list privileged EXEC commands?

Question 5.3

What command is used to enter privileged EXEC mode?

Question 5.4

What happens when you enter the show history command?

Question 5.5

What happens when you type exit at the privileged EXEC mode prompt?


Configuring a Router 



This chapter covers loading a configuration file, configuring a serial interface, and
defining your configuration environment. The chapter presents the configuration modes
available to a privileged user, as well as commands to enter and review changes.
Throughout most of this chapter, it is assumed that a configuration file already exists;
the focus is on loading and managing the file, not on creating it. However, the last
sections of this chapter overview how to use Setup mode to create or change a simple
configuration file.

When you configure a router, there are several possible steps you can take to make and 
save changes. Depending on the particular configuration task, you may not use all the 
steps all the time. In this chapter, you will 


• Load an existing configuration file

• Change the router identification

• Assign a password to both the user and privileged EXEC modes

• Configure a serial interface

• Save the changes to NVRAM


The router uses information from the configuration file when it starts up. The
configuration file contains commands to customize router operation. If no configuration
file is available, the system configuration dialog setup guides you through creating one.
For more information on the router startup sequence, refer to Chapter 5, “Basic Router
Operations.”

Figure 6-1 There are four ways to load router configuration files.

Loading Configuration Files 

Because the configuration variables affect the router as a whole, you must be in global 
configuration mode before you can create, load, or alter any existing configuration 
information. To enter global configuration mode, type the configure command at the 
privileged EXEC mode. 

Router configuration information can be generated by several means, as shown in
Figure 6-1. Configuration commands can come from a terminal, nonvolatile memory
(NVRAM), or a file stored on a network server. The default is to enter commands from
the terminal console.

Console or Terminal: configure terminal
copy startup-config running-config
TFTP Server: copy tftp running-config

For IOS release 10.3 and later, you can specify the source of the configuration
commands directly when you enter global configuration mode by typing one of the
following commands:

• configure terminal—Executes configuration commands from the terminal

• copy tftp running-config—Copies a file from a TFTP server to RAM

• copy tftp startup-config—Loads a configuration file from a TFTP server
directly into NVRAM

• copy startup-config running-config—Copies the configuration information in
NVRAM to RAM. The router acts as a command-line compiler and reads the
NVRAM configuration file line by line, overwriting only lines that already exist
in RAM (a process called gentle overlay). If there is a conflict between the two
sets of parameters, the router will not turn off processes.

Loading Configuration Files—Releases Before 10.3 

The following commands are used with Cisco IOS Release 10.0 and earlier:

• configure terminal—Executes configuration commands from the terminal

• configure memory—Executes the commands stored in NVRAM

• configure network—Copies the configuration file from a network server to
RAM

• configure overwrite —Loads a configuration file directly into NVRAM without 
affecting the running configuration. Be careful not to load a file that is larger 
than NVRAM. 

The configure network command supports only TFTP servers. 

Loading Configuration Files from a TFTP Server 

If you have a network consisting of many routers, you can maintain the consistency of
your configuration files and reduce your workload by repeatedly using one or two
backup configurations. Using a network server to store backups of your configuration
files can save you time and keystrokes. The file is then downloaded when you need it.
The following example copies a configuration file from a TFTP server to the router, as
shown in Figure 6-2.

To retrieve the configuration file stored on your TFTP network server, follow these
steps:

1. Enter configuration mode by entering the copy tftp running-config command
(or configure network if you are using Release 10.0 or earlier).

Figure 6-2 A TFTP server can store backup configuration files to be downloaded when
needed.




Router#copy tftp running-config
Host or network configuration file [host]?
IP address of remote host [255.255.255.255]? 131.108.2.155
Name of configuration file [Router-confg]? P1R1.2
Configure using P1R1.2 from 131.108.2.155? [confirm] y
Booting P1R1.2 from 131.108.2.155:!! [OK - 874/16000 bytes]
P1R1#


2. Enter the type of configuration file. The prompt gives you the option to load
one of two configuration file types from the server. These two files are:

• Host configuration file—This configuration file contains commands that
apply to a router in particular. This file type is the default.

• Network configuration file—This configuration file contains commands
that apply to all routers and terminal servers on the network.


3. Enter the network address of the remote host from which you are retrieving 
the configuration file. 

4. Enter the name of the configuration file or accept the default name. 


Fundamental Configuration Tasks 

This section looks at configuration commands that individualize and secure a router. It 
also discusses commands that alter router interfaces, focusing on the serial interface. 
Finally, it covers the steps required to save the altered configuration file. It first looks at 
fundamental configuration tasks by reviewing the router modes that will be utilized. 

Overview of Router Modes 

Chapter 5 introduced the different router modes that affect configuration. Now it’s time 
to take a look at those modes in greater detail. 

Type configure terminal to enter global configuration mode. Global configuration mode
recognizes commands that affect the whole router. For example, because the router has
one enable password and one host name, these commands are accepted in global
configuration mode. Also, in global configuration mode the router recognizes one-line
commands. Some of these commands cause the router to enter other configuration modes
where it recognizes more complicated and detailed commands.

An example of another configuration mode is the interface configuration mode. You
enter this mode by specifying a particular interface. Some commands, such as
speed, are appropriate to Token Ring but would not make any sense on a serial
interface. Therefore, specifying the interface tells the command executive more about
the nature of the configuration commands you are about to enter.

The prompt always identifies the current active mode, including global configuration,
as shown in Figure 6-3.




Figure 6-3 Each router mode has a distinct prompt so you always know what the
current active mode is.

User EXEC mode
Router>enable
Privileged EXEC mode
Router#configure terminal
Global configuration mode
Router(config)#configuration mode command
Other configuration modes
Ctrl-Z (end)

Configuration Mode    Prompt
Interface             Router(config-if)#
Subinterface          Router(config-subif)#
Controller            Router(config-controller)#
Line                  Router(config-line)#
Router                Router(config-router)#
IPX-router            Router(config-ipx-router)#
Route-map             Router(config-route-map)#


From the global configuration mode, you have access to the specific configuration
modes, including

• Interface mode: Supports commands that configure operations on a per-interface
basis

• Subinterface mode: Supports commands that configure multiple virtual interfaces
on a single physical interface

• Controller mode: Supports commands that configure channelized T1

• Line mode: Supports commands that configure the operation of a terminal

• Router mode: Supports commands that configure an IP routing protocol

• IPX-router mode: Supports commands that configure the network layer

• Route-map mode: Supports commands that configure routing tables and
source and destination information

configuration mode completely and returns the router to the privileged EXEC mode.

A common mistake when in a nonglobal configuration mode is to forget to exit back to
global configuration mode when done. Checking the prompt shows which mode you are in.



Configuring Router Identification 

router is to name it. Naming your router helps

identifying each router within the network.

The system name is considered to be the host name and is the name displayed

If no name is configured, the system default router name is Router. You


Figure 6-4 Router identification sets local identity or message for the accessed router
or interface.

Router Name

Router(config)#hostname P1R1
P1R1#

Message-of-the-Day Banner

P1R1(config)#banner motd #
Accounting Department
You have entered a secured
system. Authorized access
only! #

Interface Description

P1R1(config)#interface ethernet 0
P1R1(config-if)#description Engineering LAN, Bldg 18


Router identification is very convenient when you are remotely configuring routers,
because it is a quick reminder of which router you are accessing. This name is also used
when addressing routers across the network.


You can configure a message-of-the-day banner to be displayed on all connected
terminals. This banner is displayed at login and is useful for conveying messages, such as
impending system shutdowns, that affect all network users. When you enter the banner
motd command, follow the command with one or more blank spaces and a delimiting
character of your choice, for example, the pound sign (#). After you add the banner
text, terminate the message with the delimiting character. (The motd keyword stands
for “message of the day.”)

You can have many lines in the banner—a full screen—and if you know how to enter
the special commands for extended modes, you can get elongated and highlighted
characters. If you are in a secure network, a banner is a good place to put network
information such as the description of users who depend on this router
or where the router is located.

Remember that anyone can see banner information. You should be very careful about the
wording of your banner message. Including the word "Welcome" is an explicit invitation to
anyone, including hackers, to enter your network.


Some other banners are available, including an idle banner, which is displayed on a
terminal or console when it is not in use. Some people use the idle banner to display the
corporate logo.

You can add a description to an interface to help you remember specific information
about that interface, such as what network that interface services. This description is
meant solely as a comment to help identify how the interface is being used. The
description will appear in the output when you display the configuration information that
exists in router memory.

The description function is easy to implement using the syntax description (string).
Consider the following example:

P1R1(config-if)#description Network Lab, Tyler Building


Password Configuration 

As discussed in Chapter 5, you can secure your router by using passwords to restrict
access. Passwords can be established both on individual lines and to the privileged
EXEC mode. Passwords are case sensitive.

The console password is set independently from other line passwords, such as virtual 
terminal passwords. If your console is in your office under lock and key, you may not 
want a console password; just press Return, and you will be in user mode automatically. 
However, if your console is out where anyone has access to it, you might want to put a 
password on the console line. 


Console Password 

The line console 0 command establishes a login password on the console terminal.
The line vty 0 4 command establishes a login password on incoming Telnet sessions.
The enable password command restricts access to the privileged EXEC mode.

Cisco recommends that you use the enable secret command whenever possible
because of its encryption algorithm. Use the enable password command only if you boot an
older image of the Cisco IOS software or if you boot from older boot ROMs that do not
recognize the enable secret command.

If you configure the enable secret password, it is used instead of the enable password,
not in addition to it.

Virtual Terminal Password

The virtual terminal password must be set for remote configuration support. Telnet
requires a password check. The numbers 0 and 4 are a range—that is, VTY lines zero
through four, which equals five lines and equates to five incoming Telnet sessions.

The same password can be used for all five lines. However, you might want to set one
of the virtual terminal passwords to be unique. This setting is often used in a large
network with many network administrators. You set four identical VTY passwords so that
everyone can get into the router, and set one VTY password to something else. This way,
if a catastrophic problem occurs on the network and all common VTY lines are in use,
the one unique line is in reserve for recovery.


Privileged EXEC Mode Password 

The router has one enable password. Whoever owns this password can do anything
with the router, so be careful about communicating this password to others.

To provide an additional layer of security, particularly for passwords that cross the
network or are stored on a TFTP server, you can use the enable secret command. Both
the enable password and enable secret commands allow you to establish an encrypted
password that users must enter to access enable mode (the default) or any privilege level
you specify, but the enable secret command offers an improved encryption algorithm.

Password Encryption

in the global configuration mode.

Router(config)#service password-encryption

To disable passwords, use the no form of the specific password command in global
configuration command mode.

If an encrypted password you must erase the configuration on the router and
create a new file from setup mode.
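
The points this section makes (enable secret versus enable password, service password-encryption, a password on each line, and the wording of the banner) can be checked against a saved configuration file. The Python below is an added example, not code from the book; the sample configuration, placeholder passwords, function names, and finding labels are constructed for illustration.

```python
import re

# Constructed sample (not from the book); every password is a placeholder.
SAMPLE_CONFIG = """\
! constructed example configuration
hostname P1R1
enable password EXAMPLE-ENABLE
banner motd #
Welcome to the Accounting Department router
#
interface Serial1
 description 56Kb line (constructed)
line console 0
 login
line vty 0 4
 password EXAMPLE-VTY
 login
"""


def parse_config(text):
    """Split an IOS-style configuration into global commands,
    per-section (line/interface) commands, and the motd banner text."""
    global_cmds, sections, banner = [], {}, []
    current = None   # section that indented lines belong to
    delim = None     # banner delimiter while inside banner text
    for raw in text.splitlines():
        if delim is not None:                     # still inside the banner
            head, found, _ = raw.partition(delim)
            banner.append(head)
            if found:
                delim = None
            continue
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue                              # blank line or comment
        m = re.match(r"banner motd\s+(\S)(.*)", line)
        if m:
            head, found, _ = m.group(2).partition(m.group(1))
            banner.append(head)
            delim = None if found else m.group(1)
            current = None
            continue
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
            continue
        current = None
        global_cmds.append(line.strip())
        if line.startswith(("line ", "interface ")):
            current = line.strip()
            sections[current] = []
    return global_cmds, sections, "\n".join(banner)


def audit(text):
    """Return finding labels (hypothetical names) for the points this section raises."""
    global_cmds, sections, banner = parse_config(text)
    findings = []
    has_secret = any(c.startswith("enable secret ") for c in global_cmds)
    has_enable_pw = any(c.startswith("enable password ") for c in global_cmds)
    if not (has_secret or has_enable_pw):
        findings.append("no-privileged-exec-password")
    elif not has_secret:
        findings.append("enable-password-without-enable-secret")
    elif has_enable_pw:
        # enable secret is used instead of enable password, not in addition to it
        findings.append("enable-password-ignored")
    if "service password-encryption" not in global_cmds:
        findings.append("service-password-encryption-absent")
    for name, cmds in sections.items():
        if name.startswith("line ") and not any(c.startswith("password ") for c in cmds):
            # May be intended for a console kept under lock and key; review it.
            findings.append("no-password-on " + name)
    if re.search(r"\bwelcome\b", banner, re.IGNORECASE):
        findings.append("banner-contains-welcome")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A configuration saved to a TFTP server can be passed to audit() as a string read from the file; an empty list means none of these points was found.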

Configuring and Managing an Interface 

contains commands that modify the operation of an Ethernet, Token Ring, and
port. When you issue the interface command, you must define the interface
type and number. The number is assigned to each interface at the factory and is used
This is particularly useful when you have multiple interfaces of the
same type on a single router.

An example of an interface type and number is:

Router(config)#interface serial 0
Router(config)#interface ethernet 1

The Cisco 7000 and 7200 series routers can accept multiple interface cards with
multiple ports on each card. In this case, the first number is the number of the card, or slot
number. The second number is the port on the card. For example, on the second
interface card, the first Ethernet interface is specified as Ethernet 2/0.

You define an interface in the Cisco 7000 and 7200 series routers by slot and port number: 

Router(config)#interface ethernet 1/0 

You define an interface in the Cisco 7000 and 7500 series routers with VIP cards by slot, 
port adapters, and port numbers, in that order: 

Router(config)#interface ethernet 1/0/0

To quit the interface configuration mode, type exit at the system prompt.

The show interfaces Command 

The show interfaces command displays all the statistics for all the interfaces on the 
router, as shown in Figure 6-5. 



Figure 6-5 The show interfaces command is useful for configuring and monitoring
routers.

If you want to view the statistics for a specific interface, enter the show interfaces
command followed by the specific interface and port number. The following example uses
the interface command to display the statistics for the serial interface, port 1:

Router#show interfaces serial 1

To view the statistics for the Ethernet interface, port 0, enter

Router#show interfaces ethernet 0

Figure 6-6 Use the show interface serial command to identify line and protocol
problems.


If you use the show interfaces command on the Cisco 3640, 7000, and 7200 series
routers without the slot/port arguments, information for all interface types will be shown.
For example, if you type show interfaces ethernet, you will receive information for all
Ethernet, serial, Token Ring, and FDDI interfaces. The only way to specify a particular
interface is by adding the type slot/port argument.

In Figure 6-5, the top line of the output tells that the line is up. Below that are some
characteristics. For the Ethernet interface, you see the MAC address of the card, the
maximum transmission units, and the bandwidth. For the serial interface, the default
bandwidth for a serial line is T1. On the next line down, you find HDLC, which is the
default encapsulation protocol for serial lines on Cisco routers.


Interpreting Interface Status 

One of the most important elements of the show interface serial command output is
display of the line and data-link protocol status. Figure 6-6 indicates the key summary line
to check and the status meanings.

Router#show interface serial 1
Serial1 is up, line protocol is up
Hardware is cxBus Serial
Description: 56Kb line San Jose - MP

Carrier Detect          Keepalives

Operational:         Serial1 is up, line protocol is up
Connection Problem:  Serial1 is up, line protocol is down
Interface Problem:   Serial1 is down, line protocol is down
Disabled:            Serial1 is administratively down, line protocol is down

The first parameter (“Serial1 is up,” in Figure 6-6) refers to the hardware layer and
essentially reflects whether the interface is receiving the Carrier Detect signal from the
other end. The second parameter (“line protocol is up” in Figure 6-6) refers to the data
link layer. This parameter reflects whether the data link layer protocol keepalives are
being received.



The following parameter combinations are possible:

• If both the interface and the line protocol are up, the connection is operational.

• If the hardware is up and the line protocol is down, a Layer 2 problem exists,
such as:

    No keepalives

    No clock rate

    Wrong connector

    Encapsulation mismatch

    In a back-to-back connection, the other end of the connection is
    “administratively down”

• If both the line protocol and the interface are down, a cable might never have
been attached when the router was powered up.

• If the information says “administratively down,” you have manually disabled
this interface. Later in this chapter, you learn how to disable interfaces.
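
The four status combinations listed above map directly onto the summary line of show interfaces output. This added Python example (not from the book) classifies every interface found in pasted output and pulls the error counters that appear in the figures; the sample output, function names, and dictionary keys are constructed for illustration.

```python
import re

# Constructed sample in the format of the chapter's show interfaces figures.
SAMPLE_OUTPUT = """\
Serial1 is up, line protocol is down
  Hardware is MK5025
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
     3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 output errors, 0 collisions, 8 interface resets, 0 restarts
     45 carrier transitions
Serial0 is administratively down, line protocol is down
  Hardware is MK5025
Ethernet0 is up, line protocol is up
  MTU 1500 bytes
"""

# Summary line: "<interface> is <hardware state>, line protocol is <state>"
STATUS_RE = re.compile(
    r"^(?P<name>\S+(?: \d+)?) is (?P<hw>administratively down|up|down), "
    r"line protocol is (?P<proto>up|down)\b",
    re.MULTILINE,
)

COUNTER_RES = {
    "input_errors": re.compile(r"(\d+) input errors"),
    "crc": re.compile(r"(\d+) CRC"),
    "interface_resets": re.compile(r"(\d+) interface resets"),
    "carrier_transitions": re.compile(r"(\d+) carrier transitions"),
}


def classify(hw, proto):
    """Map the two summary-line parameters to the chapter's four cases."""
    if hw == "administratively down":
        return "disabled", "interface was manually disabled (shutdown)"
    if hw == "up" and proto == "up":
        return "operational", ""
    if hw == "up" and proto == "down":
        return ("connection problem",
                "Layer 2: no keepalives, no clock rate, wrong connector, "
                "encapsulation mismatch, or far end administratively down")
    if hw == "down" and proto == "down":
        return "interface problem", "a cable might never have been attached"
    # hardware down with protocol up is not a combination the chapter lists
    return "unexpected", "combination not covered by the chapter"


def diagnose(output):
    """Return one report per interface found in show interfaces output."""
    matches = list(STATUS_RE.finditer(output))
    reports = []
    for i, m in enumerate(matches):
        # Everything up to the next summary line belongs to this interface.
        end = matches[i + 1].start() if i + 1 < len(matches) else len(output)
        body = output[m.end():end]
        counters = {}
        for key, rx in COUNTER_RES.items():
            found = rx.search(body)
            if found:
                counters[key] = int(found.group(1))
        state, hint = classify(m.group("hw"), m.group("proto"))
        reports.append({"interface": m.group("name"), "state": state,
                        "hint": hint, "counters": counters})
    return reports


if __name__ == "__main__":
    for report in diagnose(SAMPLE_OUTPUT):
        print(report["interface"], "->", report["state"], report["hint"])
```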

Configuring a Serial Line 

One of the more common interface configurations is a serial interface configuration.
This chapter will use a serial interface configuration as a sample task. (Later chapters
will cover configuration of other kinds of interfaces, such as Ethernet, Token Ring, and
subinterfaces.) A serial interface can be configured from the console or through a virtual
terminal line. Figure 6-7 shows how to configure a serial line.

The steps of serial line configuration are as follows:

1. Enter global configuration mode. In this example, you are configuring the
interface from the console terminal.

2. Once in global configuration mode, you must identify the specific interface
against which you will be issuing commands.

3. If you are configuring an interface that will act as a DCE, you must specify a
clock rate for it. (See the next section, “Determining DCE/DTE Status,” for an
explanation of DCEs and DTEs in serial link environments.) Desired clock rates
in bits per second are: 1200, 2400, 4800, 9600, 19200, 38400, 56000, 64000,
72000, 125000, 148000, 500000, 800000, 1000000, 1300000, 2000000, or
4000000. The default clock rate for serial lines is T1.


Figure 6-7 You must use global configuration mode to set up a serial line.

Specify interface
Set DCE clock rate (optional)
Set bandwidth (optional)

Issue the clock rate command with the desired speed. Be sure to type the complete
clock speed. For example, a clock rate of 56000 cannot be abbreviated
to 56.

4. Enter the desired bandwidth for the interface. The bandwidth command
overrides the default bandwidth that is displayed in the show interfaces command
and is used by some routing protocols such as IGRP.

If you change the interface from a DCE to a DTE, use the no clock rate command to 
remove the clock rate. 


When running the EIA/TIA-232 line at high speeds and long distances, data can phase
shift with respect to the clock. To prevent this shifting, use the dce-terminal-timing enable
command.

Determining DCE/DTE Status

On serial links, one side of the link acts as the DCE and the other side of the link acts
as the DTE. By default, Cisco routers are DTE devices but can be configured as DCE
devices. In a “back-to-back” cable configuration where a modem is not used, the DCE
must provide a clocking signal.

Before you begin to configure or alter your serial interface, you need to know if the 
interface is configured as DTE or DCE. The show controllers serial command displays 
information specific to the interface hardware, as shown in Figure 6-8. 



Most of the information displayed is proprietary and is used by Cisco technical support 
personnel for diagnostic purposes. The show controllers serial command shows if the 
interface is cabled as a DCE or DTE. If the interface is configured as a DCE, the show 
controllers serial display also reflects the current clock rate. 

You can display information pertinent to all controllers, to a controller type, or to a
specific controller. The command

Router#show controllers

displays information about all controllers installed in the router. The command

Router#show controllers serial

displays information

Router#show

displays information about a specific controller.

Figure 6-8 The show controllers serial command indicates if the interface is a DTE or
DCE.

Verifying Your Changes

Taking a moment or two to verify the changes you have made to an interface can ensure
no mistakes were made during the process of saving your changes. The show interfaces
command enables you to view the current interface configuration and status. For
example, Figure 6-9 shows the result of issuing the show interfaces serial 1 command.


Figure 6-9 Always verify your changes using the show interfaces command.

Router#show interfaces serial 1
Serial1 is up, line protocol is up
Hardware is MK5025
MTU 1500 bytes, BW 66 Kbit, DLY 20000 usec, rely 255/255, load 9/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input 0:00:00, output 0:00:01, output hang never
Last clearing of "show interface" counters never
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
Five minute input rate 1000 bits/sec, 0 packets/sec
Five minute output rate 2000 bits/sec, 0 packets/sec
331885 packets input, 62400237 bytes, 0 no buffer
Received 230457 broadcasts, 0 runts, 0 giants
3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
403591 packets output, 66717279 bytes, 0 underruns
0 output errors, 0 collisions, 8 interface resets, 0 restarts
45 carrier transitions


Shutting Down an Interface 


At some point, you might want to disable an interface, for example, to perform
hardware maintenance on a specific interface or segment of a network. You might also want
to disable an interface if a problem exists on a particular segment of the network and
you need to isolate that segment from the rest of the network until the problem is
detected or repaired.

The shutdown command, as shown in Figure 6-10, administratively turns off an
interface. To reinstate the interface, use the no shutdown command.




Router#configure term
Router(config)#interface serial 1
Router(config-if)#shutdown
%LINEPROTO-5-UPDOWN: Line Protocol on Interface Serial1, changed state to down
%LINK-5-CHANGED: Interface Serial, changed state to administratively down

Router#configure term
Router(config)#interface serial 1
Router(config-if)#no shutdown
%LINK-3-UPDOWN: Interface Serial, changed state to up
%LINEPROTO-5-UPDOWN: Line Protocol on Interface Serial1, changed state to up

Figure 6-10 The commands shutdown and no shutdown change the interface state.

Verifying Configuration Changes—Release 10.3 and Later

After you make the changes to the running configuration variables, you should verify

with Cisco IOS Release 10.3 or later.



Figure 6-11 Changing configurations on IOS 10.3 and later.

Make changes in configuration modes

Examine results
Router#show running-config

Intended results?

Remove changes
Noninvasive changes:
Router(config)#no ....
or Router#copy start run
Router#copy tftp run
Invasive changes:
Router#reload
Router#copy tftp start
Router#reload
Last resort changes:
Router#erase start
Router#reload

Save changes to backup
Router#copy running-config startup-config
Router#copy running-config tftp

Examine backup file
Router#show startup-config

To verify your changes, use the show running-config command. This command displays
the current configuration variables in memory.

If the variables displayed are not what you intended, you can correct the environment by: 

• Issuing the no form of a configuration command or by copying a new set of 
configuration parameters into RAM 

• Restarting the system and automatically loading a new configuration file from 
NVRAM 

• Removing the startup configuration file with the erase startup-config command
and replacing it with a new configuration file from an alternate source

If you have already copied the erroneous configuration information to the startup
configuration file in NVRAM, you can

• Create new configuration variables in the running configuration and copy those
new variables to the startup configuration file. To do this, enter

Router#copy running-config startup-config

• Remove the saved configuration with the erase command and restart the
system. In this case, the router configuration will revert to the factory defaults.


After you enter the reload command, the system asks if you want to save the current
configuration. If you do not want to save the running configuration, respond no at the prompt.


Verifying Configuration Changes—Releases Before 10.3 

Figure 6-12 shows the procedures to verify configuration changes when you are
working with Cisco IOS releases before 10.3.

To verify your changes, use the show configuration command. This command displays
the current configuration variables in memory.

If the variables displayed are not what you intended, you can correct the environment
by:

• Issuing the no form of a configuration command or by copying a new set of
configuration parameters into RAM

• Restarting the system and automatically loading a new configuration file from
NVRAM

• Removing the startup configuration file with the write erase command and
replacing it with a new configuration file from an alternate source

If you have already copied the erroneous configuration information to the startup
configuration file in NVRAM, you can:

• Create new configuration variables in the running configuration and copy those
new variables to the startup configuration file. To do this, enter

Router#write memory

Figure 6-12 Changing configurations in earlier versions of IOS.

Saving Configuration Changes—Release 10.3+

When you have determined that the new variables are correct, you must save your
changes to the startup configuration file, as shown in Figure 6-11.


Figure 6-13 You can save configuration changes to NVRAM and (optionally) a remote
server.

Router#copy running-config startup-config
Router#

Router#copy running-config tftp
Remote host [172.16.2.155]?

TFTP or rcp Server

RAM

Saving the changes ensures the router uses the new variables when you copy the startup
configuration file into memory or perform a reload.

To save the configuration variables to the startup configuration file in NVRAM, enter
the following command at the privileged EXEC system prompt:

Router#copy running-config startup-config

To save the configuration variables to a remote server on the network, enter the
following command at the privileged EXEC system prompt:

Router#copy running-config tftp

where the variable tftp represents the target server type.

If you make a change on the router and then upload it to the TFTP server, it will overwrite
the older file—except that this new copy will not have any comments in it. For this reason,
the copy running-config tftp command is often used to create an initial file on the server.
After the file is created, changes are made first on the TFTP server using your favorite editor
and then downloaded into the router. This method preserves the comments in the
configuration file.

You can include comments in the configuration file by preceding a line of text with an
exclamation point (!). Including comments may help define the purpose of any commands
you have placed in the configuration file.


Saving Configuration Changes—Releases Before 10.3 

To save the configuration variables to the startup configuration file in NVRAM using
pre-Release 10.3 software, enter the following command at the privileged EXEC system
prompt:

Router#write memory

To save the configuration variables to a remote server on the network using pre-Release
10.2 software, enter the following command at the privileged EXEC system prompt:

Router#write network

The write network command supports only TFTP servers.


Managing the Configuration Environment 

As your network grows, there may come a time when you want to store your Cisco IOS
software and configuration files on a central server, which would allow you to control
the number and revision level of software images and configuration files you must
maintain. This section discusses the alternative sources for Cisco IOS software and how to
the router to locate the software. It also looks at how to modify the existing
Configuration Register setting to reflect a new location for the system image.









Locating the Cisco IOS Software 

The Configuration Register boot field determines whether the router loads an operating
system image, and if so, where it obtains this system image. You can modify the
Configuration Register boot field to tell the router how to load a system image on startup.
Instead of using the default system image and configuration file to start up, you can
specify a particular system image and configuration file located elsewhere on the network.

The default source for Cisco IOS software depends on the hardware platform, but most
commonly the router looks to the configuration commands saved in NVRAM, as
shown in Figure 6-14. Settings can be placed in the Configuration Register to enable
alternatives for where the router will bootstrap Cisco IOS software.


Figure 6-14 If the router cannot locate the IOS software, it enters ROM monitor mode.

Configuration Registers
Registers in NVRAM for modifying fundamental Cisco IOS software
Identifies where to boot Cisco IOS image (for example, use config-mode commands)

Router#configure terminal
Router(config)#boot system flash IOS_filename
or Router(config)#boot system tftp IOS_filename tftp_address
Router(config)#boot system rom
[Ctrl-Z]
Router#copy running-config startup-config

Boot system commands not found in NVRAM:
Get default Cisco IOS software from Flash

Flash memory empty:
Get default Cisco IOS software from TFTP server

You specify boot system commands to define the sequence for fallback sources. You
save these statements in NVRAM with the copy running-config startup-config
command. The router will use the new sequence during the next startup. If the boot system
command is not used, however, the system has its own fallback alternatives (refer to
Figure 6-14). The router defaults to the Cisco IOS software in Flash memory.

If Flash memory is empty, however, the router will try a network alternative. The router
uses the Configuration Register value to form a filename from which to boot a default
system image stored on a network server.

Finally, if the router has exhausted all alternative paths and cannot locate the Cisco IOS 
software, the router enters ROM monitor mode. 

The order in which the router looks for system bootstrap information depends on the 
boot field setting in the Configuration Register. 

Determining the Current Configuration Register Value 

Before you alter the Configuration Register, you should determine how the router is
loading the software image. Use the show version command to obtain the current
Configuration Register value, as shown in Figure 6-15. The last line of the resulting display
contains the Configuration Register values.


Figure 6-15 The Configuration Register indicates that NVRAM is examined for boot system
commands.

Router#show version
IOS (tm) 2500 Software (C2500-JS-L), Version 11.2(6), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by Cisco Systems, Inc.
Compiled Tue 06-May-97 16:17 by Kuong
Image text-base: 0x0303ED8C, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
ROM: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)

Router uptime is 21 hours, 13 minutes
System restarted by reload
System image file is "flash:c2500-js-l.112-6.bin", booted via flash

Configuration register is 0x2102

Note that the show version command displays over two screen pages. You need to go
to the second screen page to display the current Configuration Register values.

If you are in ROM monitor mode, use the o command to list the Configuration Register
settings.


You can change the default Configuration Register setting with the enabled config-mode
config-register command. Type configure terminal in privileged EXEC mode to enter
configuration mode, as shown in Figure 6-16.


Figure 6-16 Enter configuration mode to change the default Configuration Register.

Router#configure terminal
Router(config)#config-register 0x2102
[Ctrl-Z]
Router#reload


The Configuration Register is a 16-bit register. The lowest four bits of the Configuration
Register (bits 3, 2, 1, and 0) form the boot field. A hexadecimal number is used as the
argument to set the value of the Configuration Register. Table 6-1 shows the hexadecimal
options and their meanings.


Table 6-1 Boot field options in the Configuration Register

Value        Meaning

0x0          Use ROM monitor mode
             (Manually boot using the b command)

0x1          Automatically boot from ROM
             (Provides IOS subset)

0x2 to 0xF   Examine NVRAM for boot system commands
             (0x2 default if router has Flash)

To change the boot field and leave all other bits set to their default values, follow these
guidelines:

• Set the boot field to 0 to automatically enter ROM monitor mode. (This value
sets the boot field bits to 0-0-0-0.) The router displays the > or the rommon>
prompt in this mode.

• Set the boot field to 1 to configure the system to boot automatically from
ROM. (This value sets the boot field bits to 0-0-0-1.) The router displays the
router(boot)> prompt in this mode.

• Set the boot field to any value, 2 to F, to configure the system to use the boot
system commands in NVRAM. This is the default. (These values set the boot
field bits to 0-0-1-0 through 1-1-1-1.)

Use the show version command to verify the changes in the boot field setting. 


Password recovery is one of the possible reasons to change the Configuration Register.
For more information, refer to Appendix F, "Password Recovery."


Boot System Options in Software 

As mentioned earlier, you can define a fallback sequence for the router to use during
startup. Figure 6-17 shows the boot system commands used to specify one fallback
sequence for booting Cisco IOS software.

The boot system commands in Figure 6-17 specify that a Cisco IOS image will load first
from Flash memory, next from a network server, and finally from ROM.

Loading from Flash memory allows you to copy a system image without changing
electrically erasable programmable read-only memory (EEPROM). Information stored in
Flash memory is not vulnerable to network failures that can occur when loading system
images from network servers.







Figure 6-17 Multiple boot system commands enable you to select the bootstrap fallback
sequence.


Flash


Router#configure terminal
Router(config)#boot system flash c2500-js-l
[Ctrl-Z] 

Router#copy running-config startup-config 


Network 


Router#configure terminal 

Router(config)#boot system tftp test.exe 172.16.13.111 
[Ctrl-Z] 

Router#copy running-config startup-config 


ROM 


Router#configure terminal 
Router(config)#boot system rom 
[Ctrl-Z] 

Router#copy running-config startup-config 


In case Flash memory becomes corrupted, the boot system entries in Figure 6-17 next 
specify that a system image should be loaded from a network server. 


Finally, if Flash memory is corrupted and the network server fails to load the image,
booting from ROM is the final bootstrap option in software in Figure 6-17. Note that
the system image in ROM likely will be a subset of Cisco IOS software, lacking the
protocols, features, and configurations of full Cisco IOS software. It may also be an older
version of Cisco IOS software if you have updated software since you purchased the
router.


The command copy running-config startup-config saves your desired command
sequence in NVRAM. The router will execute the boot system commands in the order
in which they were entered into configuration mode.
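
The boot field rules in Table 6-1 and the boot system fallback order described above can be
combined into one decision procedure. The following Python model is an added example, not code
from the book or from Cisco; its function names, the "reachable" set, and the 0x2102 baseline
(the value shown in Figures 6-15 and 6-16) are assumptions of the example, and the startup
configuration is a constructed sample mirroring Figure 6-17.

```python
import re

ROM_MONITOR = "rom-monitor"

# Constructed startup configuration mirroring the commands in Figure 6-17.
SAMPLE_STARTUP_CONFIG = """\
! constructed sample: fallback order Flash, then network server, then ROM
boot system flash c2500-js-l
boot system tftp test.exe 172.16.13.111
boot system rom
"""


def boot_field(config_register):
    """Return the boot field: bits 3..0 of the 16-bit Configuration Register."""
    value = int(config_register, 16)
    if not 0 <= value <= 0xFFFF:
        raise ValueError("Configuration Register is a 16-bit value")
    return value & 0xF


def boot_system_entries(startup_config):
    """List (source, arguments) for each boot system command, in the order entered.
    Lines beginning with '!' are comments and are skipped."""
    entries = []
    for raw in startup_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"boot system (flash|tftp|rom)\b\s*(.*)$", line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def resolve_boot_source(config_register, startup_config, reachable):
    """Model where the router gets IOS from at startup.

    reachable: sources that currently hold a loadable image, a subset of
    {"flash", "tftp", "rom"} (hypothetical input for this model).
    Returns (source, reason)."""
    field = boot_field(config_register)
    if field == 0x0:
        return (ROM_MONITOR, "boot field 0x0: manual boot with the b command")
    if field == 0x1:
        return ("rom", "boot field 0x1: automatic boot from ROM")
    entries = boot_system_entries(startup_config)
    if entries:
        # Boot field 0x2 to 0xF: try the NVRAM boot system commands in order.
        for source, args in entries:
            if source in reachable:
                return (source, ("boot system %s %s" % (source, args)).strip())
        return (ROM_MONITOR, "every boot system source failed")
    # No boot system commands: built-in fallback, Flash first, then the network.
    for source in ("flash", "tftp"):
        if source in reachable:
            return (source, "default source, no boot system commands in NVRAM")
    return (ROM_MONITOR, "no Cisco IOS image located")


def review_findings(config_register, startup_config, baseline="0x2102"):
    """Flag settings worth a second look before the next reload."""
    findings = []
    if int(config_register, 16) != int(baseline, 16):
        findings.append("configuration register %s differs from baseline %s"
                        % (config_register, baseline))
    sources = [source for source, _ in boot_system_entries(startup_config)]
    if sources and sources[0] == "tftp":
        findings.append("first boot source is a network server, not Flash")
    return findings


if __name__ == "__main__":
    for available in ({"flash", "tftp", "rom"}, {"tftp", "rom"}, {"rom"}, set()):
        print(sorted(available), resolve_boot_source("0x2102", SAMPLE_STARTUP_CONFIG, available))
```

A register value that differs from the recorded baseline is worth investigating because, as noted
above, password recovery is one of the reasons the register gets changed.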


Preparing for a Network Backup Image 


Retaining a backup copy of your software image ensures that you always have a copy
of the Cisco IOS software in case the system image in your router becomes corrupted.

Geographically distributed routers need a source or backup location for software
images. Using a network server allows image and configuration uploads and downloads
over the network. The network server can be another router, a workstation, or a host
system, as shown in Figure 6-18.




Figure 6-18 The network server can be another router, a workstation, or a host system.

Figure labels: Cisco IOS Image, Router, Network Server

Check access to the server
Check space available on server
Check naming convention

Before you copy software between the network server and Flash memory in the router,
you should check for preliminary conditions:

• Make sure that you have access to the network server.

• Verify that the server has sufficient room to accommodate the Cisco IOS
software image.

• Check the filename requirements and file space of the network server.

Viewing Available Memory and the Image Filename 

The show flash command is an important tool for gathering information about your
router memory and image file.


Figure 6-19 Use the show flash command to verify that Flash memory has room for the
Cisco IOS image.

Router#show flash

System flash directory:
Files  Length   Name/status
  1    7871172  c2500-js-l.112-6.bin
[7871236 bytes used, 517372 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)

With the show flash command, you can determine the following:

• Total amount of memory on your router

• Amount of memory available

• Name of the system image file (such as c2500-js-l.112-6.bin) used by the


The name for the Cisco IOS image file contains multiple parts, each with a specific 
meaning: 

• The first part of the image name contains the platform on which the image 
runs. In the example in Figure 6-19, the platform is C2500. 

• The second part of the name identifies the special capabilities of the image file.
A letter or series of letters identifies the feature sets supported in that image. In
this example, the j indicates this is an enterprise image, and the s indicates it
contains extended capabilities.

• The third part of the name specifies where the image runs and if the file is
compressed. In this example, l indicates the file is relocatable and not compressed.

• The fourth part of the name indicates the version number. In this example, the
version number is 11.2(6).

• The final part of the name is the file extension. The .bin extension indicates this 
file is a binary executable file. 

The Cisco IOS software naming conventions, name part field meaning, image content,
and other details are subject to change. Refer to your sales representative, distribution
channel, or Cisco Connection Online (CCO) for updated details.


You should be careful in reading the Cisco IOS image filename. Some fonts display the
lowercase letter l and the number 1 as the same character. How you type the characters will
impact the capability of the router to load the files correctly.


Creating Software Image Backup

You create a software backup image file by copying the image file from a router to a 
network server, as shown in Figure 6-20. 


Figure 6-20 Back up current files prior to updating Flash.

Router#copy flash tftp

System flash directory:
Files  Length   Name/status
  1    7871172  c2500-js-l.112-6.bin
[7871236 bytes used, 517372 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)

IP address of remote host [255.255.255.255]? 172.16.13.111
filename to write on tftp host? c2500-js-l.112-6
writing c2500-js-l.112-6 !!!!!!!!!!!!!!!!!!!!!!!!!
successful tftp write.

Router#


To copy the current system image file from the router to the network server, use the copy 
flash command in the privileged EXEC mode. 

When using a TFTP server, enter 

Router#copy flash tftp 

The copy flash command also requires you to enter the IP address of the remote host
and the name of the source and destination system image file. The copy flash command
automatically displays the contents of Flash, including the image filename. Methods to
obtain IP addresses are discussed in Part 2 of this book, “Networking Protocol Suites.”

The routers that come by default with Flash memory have a preloaded copy of the Cisco
IOS software. Although Flash is extremely reliable—good for 65 years and 100,000
rewrites—it is a good idea to make a backup copy of the Cisco IOS software if you have a
network server available. If you had to replace Flash memory for some reason, you would
have a backup copy at the revision level currently running on your network.




Upgrading the Image from the Network 

You must load a new system image file on your router if the existing image file has 
become damaged or if you are upgrading your system to a newer software version. You 
can download the new image from the network server using the following commands. 

When using a TFTP server, enter

Router#copy tftp flash

The command will prompt you for the IP address of the remote host and the name of 
the source and destination system image file. Enter the correct and appropriate filename 
of the update image as it appears on the server, as shown in Figure 6-21. 


Figure 6-21 You must assign a source location and filename for the upgraded image file.

Router#copy tftp flash

IP address of remote host [255.255.255.255]? 172.16.13.111
Name of tftp filename to copy into flash [ ]? c4500-js-l
copy c4500-js-l.112-6 from 172.16.13.111 into flash memory? [confirm] <Return>
xxxxxxxx bytes available for writing without erasure.
erase flash before writing? [confirm] <Return>
Clearing and initializing flash memory (please wait) ####...##
Loading from 172.16.13.111: !!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!! (text omitted) [OK - 324572/524212 bytes]
Verifying checksum...
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
vvvvvv (text omitted)
Flash verification successful. Length = 1804637, checksum = 0xA5D3

Before performing this procedure, make sure you are able to reach your TFTP server
and that the proper Cisco IOS software image is available. Be sure to use the show flash
command to view the file and to compare its size with that of the original on the server
before changing the boot system commands and rebooting the machine on the new
level.

Key Concept: Adequate preparation and providing a backup before update operations offers
the most secure administration of Cisco IOS image loading.

After you confirm your entries, the procedure asks if you want to erase Flash. Erasing 
Flash makes room for the new image. You perform this task if there is not sufficient 
Flash memory for more than a single Cisco IOS image. 

If no free Flash memory space is available, or if the Flash memory has never been
written to, the erase routine is required before new files can be copied. The system informs
you of these conditions and prompts you for a response.

As shown in Figure 6-21, each exclamation point (!) means that one User Datagram
Protocol (UDP) segment has successfully transferred. The series of Vs indicates
successful checksum verification of a segment.



You can put comments into a configuration file on a TFTP server by starting the comment
line with an exclamation point (!). When a file is downloaded into the router, the comments
are stripped off.

For a period of time after Flash erasure, you will not have a copy of the operating system
on the router. This situation is risky. Some routers run the Cisco IOS software from Flash. If
you erase the Flash memory on these types of routers, such as the 2500, the router will
cease to function.


Overwriting an Existing Image 

If you attempt to copy a filename that already exists in Flash memory, the system
notifies you, as shown in Figure 6-22.


Figure 6-22 The response indicates that an image already exists.


System image filenames are not case sensitive; both upper- and lowercase versions of the
filename are viewed as the same filename.

The existing file is “deleted” when you copy the new file into Flash. The first copy of
the file still resides within Flash memory but is rendered unusable in favor of the newest
version, and will be listed with the [deleted] tag when you use the show flash command.

If more than one file of the same name is copied to Flash, regardless of case, the last file
copied becomes the valid file.

If you abort the copy process, the newer file is marked [deleted] because the entire file
was not copied and is not valid. In this case, the original file still resides within Flash
memory and is the image file used.

Use the show flash command to view the file and to compare its size with that of the 
original on the server before changing the boot system commands to use the new image. 
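
The checks recommended in this section and under "Viewing Available Memory and the Image
Filename" (room in Flash, size compared with the original on the server, [deleted] entries,
case-insensitive names, and the l versus 1 reading hazard) can be run over captured show flash
output. The following Python code is an added example, not code from the book or from Cisco. Its
function names are hypothetical, the two "after" listings are constructed samples, the exact
placement of the [deleted] tag is assumed, and the 64-byte per-file overhead is an assumption
read off the figures (7871236 bytes used for a 7871172-byte file).

```python
import re

# Mirrors Figures 6-19 and 6-20.
BEFORE = """\
System flash directory:
Files  Length   Name/status
  1    7871172  c2500-js-l.112-6.bin
[7871236 bytes used, 517372 available, 8388608 total]
8192K bytes of processor board System flash (Read ONLY)
"""

# Constructed: same-name image copied again into a larger Flash without erasing.
AFTER_OVERWRITE = """\
System flash directory:
Files  Length   Name/status
  1    7871172  c2500-js-l.112-6.bin [deleted]
  2    7871172  c2500-js-l.112-6.bin
[15742472 bytes used, 1034744 available, 16777216 total]
"""

# Constructed: the copy was aborted, so the newer entry is the deleted one.
AFTER_ABORT = """\
System flash directory:
Files  Length   Name/status
  1    7871172  c2500-js-l.112-6.bin
  2    1204224  c2500-js-l.112-6.bin [deleted]
[9075524 bytes used, 7701692 available, 16777216 total]
"""

FILE_LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)(\s+\[deleted\])?\s*$")
SUMMARY = re.compile(r"\[(\d+) bytes used, (\d+) available, (\d+) total\]")


def parse_show_flash(text):
    """Parse show flash output into file entries and byte counters."""
    flash = {"files": [], "used": None, "available": None, "total": None}
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if m:
            flash["files"].append({"index": int(m.group(1)), "length": int(m.group(2)),
                                   "name": m.group(3), "deleted": m.group(4) is not None})
            continue
        m = SUMMARY.search(line)
        if m:
            flash["used"], flash["available"], flash["total"] = (int(g) for g in m.groups())
    if flash["available"] is None:
        raise ValueError("no 'bytes used, available, total' line found")
    return flash


def same_name(a, b):
    """System image filenames are not case sensitive."""
    return a.lower() == b.lower()


def plan_copy(flash, image_name, image_size, overhead=64):
    """Decide, before copy tftp flash, whether the image fits and what it replaces."""
    needed = image_size + overhead
    return {
        "replaces_existing": any(same_name(f["name"], image_name) and not f["deleted"]
                                 for f in flash["files"]),
        "fits_without_erase": needed <= flash["available"],
        "erase_required": needed > flash["available"],
        "fits_after_erase": needed <= flash["total"],
    }


def verify_copy(flash, image_name, server_size):
    """After the copy: the last entry with this name must be valid and full size."""
    matches = [f for f in flash["files"] if same_name(f["name"], image_name)]
    if not matches:
        return False
    last = matches[-1]
    return (not last["deleted"]) and last["length"] == server_size


def confusable_names(flash, typed_name):
    """Valid Flash names that differ from typed_name only by l/1 substitutions."""
    def skeleton(name):
        return name.lower().replace("1", "l")
    return [f["name"] for f in flash["files"]
            if not f["deleted"]
            and skeleton(f["name"]) == skeleton(typed_name)
            and not same_name(f["name"], typed_name)]


if __name__ == "__main__":
    flash = parse_show_flash(BEFORE)
    print(plan_copy(flash, "c2500-js-l.112-6.bin", 7871172))
    print(confusable_names(flash, "c2500-js-1.112-6.bin"))
```

A name returned by confusable_names means the filename about to go into a boot system command was
typed with a digit 1 where Flash holds a lowercase l, or the reverse.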

Up to now, you’ve seen how to locate and store the Cisco IOS software image. Next you 
learn how to set up the configuration in NVRAM. 


Creating or Changing a Configuration Using Setup Mode 

If your device is a new router or the contents of NVRAM are corrupted, the router cannot
find the critical configuration information needed to start up. In either of these
cases, the router software enters setup mode and prompts you for configuration
information. You can also force setup mode by entering the following command in privileged
EXEC mode:

Router#setup

The primary purpose of the setup mode is to rapidly [...] configuration, which is
accomplished through the System [...]

The first thing System Configuration Dialog asks [...]
setup program, as shown in Figure 6-23.


Figure 6-23 The System Configuration Dialog prompts you through the setup.

Router#setup

--- System Configuration Dialog ---

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Continue with configuration dialog? [yes/no]: yes

First, would you like to see the current interface summary? [yes]: no


[...] entering No at the prompt. To begin the initial configuration [...]
can press Ctrl-C to terminate the process and start over at a [...]
using the command form of setup (Router#setup), Ctrl-C return [...]
EXEC prompt (Router#).

The System Configuration Dialog facility provides help text for each prompt. To access
help, press the question mark (?) key at the target prompt.


For many of the prompts in the System Configuration Dialog of the setup command
facility, default answers appear in square brackets ([ ]) following the question. Pressing
the Return key allows you to use the defaults. If you are configuring the system for the
first time, the factory defaults are provided. If there is no factory default, as in the case
of passwords, no value is displayed in the brackets.

Refer to the Cisco Using ClickStart, Autoinstall, and Setup documentation at
www.cisco.com for more information on setup mode.

Setup Mode Global Parameters 

If you choose to continue with the System Configuration Dialog, you are first prompted
to set the global parameters for the router.

The first global parameter allows you to define the router host name. This host name
will precede the Cisco IOS prompts for all configuration modes. At initial configuration,
the router name default is shown between the square brackets as [Router], as shown in
Figure 6-24.

The next global parameters show how to set the various passwords used on the router.
These parameters are where you define the enable secret password discussed [...]
Privileged EXEC Mode Password” section. When you enter a string of password characters
at this prompt, the characters are processed [...]

This process enhances the security of the password. [...]
contents of the router configuration file, this enable password appears as a meaningless
string of characters. Cisco recommends you use different passwords [...]
secret password to maintain an enhanced level of security.

When you answer “yes” to a prompt, additional subordinate questions may appear
about that protocol.


Configuring global parameters: 

Enter host name [Router]: P1R1 

The enable secret is a one-way cryptographic secret used 
instead of the enable password when it exists. 

Enter enable secret [<Use current secret>]:

Enter enable password [sanfran]: 

% Please choose a password that is different from the enable secret 
Enter enable password [sanfran]: cisco 
Enter virtual terminal password [sanjose]: 

Configure SNMP Network Management? [no]: 

Configure IP? [yes]: 

Configure IGRP routing? [yes]: 

Your IGRP autonomous system number [1]: 




Setup Mode Interface Parameters 

After you have configured the global parameters, you are prompted for parameters for 
each installed interface, as shown in Figure 6-25. 




Configuring interface parameters:

Configuring interface TokenRing0
Is this interface in use? [no]: <Return>

Configuring interface Serial0
Is this interface in use? [yes]:
Configure IP on this interface? [yes]:
Configure IP unnumbered on this interface? [no]:
IP address for this interface: 172.16.97.67
Number of bits in subnet field [0]:
Class B network is 172.16.0.0, 0 subnet bits; mask is 255.255.0.0
Configure Novell on this interface? [yes]: no

Configuring interface Serial1:
Is this interface in use? [yes]: no


If you choose not to configure an interface, the System Configuration Dialog will bypass
subsequent prompts relating to that interface. If you choose to configure an interface,
enter your configuration values at each prompt.


Figure 6-24 The default router name at initial configuration is shown in brackets.

Figure 6-25 Setup prompts you for parameters for each interface.

You can configure every protocol that you enabled in the global section for each
interface. So you can see that some interfaces can be enabled for multiple protocols, while
others may be running only one protocol.

For the serial line Serial0, the system prompts you for an IP address on this port and
whether to configure IP unnumbered with the default setting. “Yes” indicates the
common practice of enabling IP processing on that interface without assigning an explicit
IP address to the interface. Usually the reason for using IP unnumbered is to conserve
IP addresses. It can be unnecessary to use an explicit IP address for a serial link that
connects point-to-point with another serial interface.

Setup Mode Script Review 

When you complete your changes, the setup command facility shows you the
configuration command script that was created during the setup session, as shown in
Figure 6-26.


Figure 6-26 Setup prompts you to save the configuration.

The following configuration command script was created:

hostname P1R1
enable secret 5 $1$g722$dg2UV
enable password sanfran
line vty 0 4
password sanfran
snmp-server community

ip routing
no decnet routing
no xns routing
novell routing
no apollo routing
appletalk routing
no clns routing
no vines
no bridge
no mop enabled
--More--

interface TokenRing0
shutdown
!
interface Serial0
ip address 172.16.97.67 255.255.0.0
interface Serial1
shutdown
!
router igrp 200
network 172.16.0.0

Use this configuration? [yes]: yes
[OK]
Use the enabled mode 'configure' command to
modify this configuration.


This script allows you to view your changes before they are saved to NVRAM.

The commands are divided into global and interface sections. Notice in Figure 6-26
that both interface TokenRing0 and Serial1 are shut down—that is, administratively
disabled. To use such interfaces, you must enter interface configuration mode and use
no shutdown to turn them back on. If these interfaces have never been configured, you
must use the configure command to enter the appropriate values to make the interfaces
operational.

At the end, setup will ask you if you want to use this configuration. If you enter “yes,”
the configuration file is loaded into working storage, and a copy is stored in backup
memory in NVRAM. This is the only time the router will automatically store a
configuration file in NVRAM; after this initial configuration, you must explicitly tell the
router to make a backup copy.

The script tells you to use configuration mode to modify the command after setup has 
been used. The script file generated by setup is additive; you can turn on features with 
setup, but you cannot turn them off. Also, setup does not support many of the advanced 
features of the router or those features that require a more complex configuration such 
as access lists. These complex configurations are covered further in Chapter 13, “Basic 
Traffic Management with Access Lists.” 


Summary 

This chapter has defined how to create a running and startup configuration, and how
to make global configuration changes. You’ve also configured a serial interface and
determined the load location of the Cisco IOS image. The next chapter focuses on using
the Cisco Discovery Protocol to locate other routers.


Configuring a Router


Estimated Time: 15 minutes

Question 6.1

T F Configuration files can come from [...]

Question 6.2

T F The router loads the image file based on the values in the Configuration
Register.

Question 6.3

T F Multiple source options provide [...] and fallback alternatives.

Question 6.4

T F If the router cannot find a configuration file, the router enters [...]

Question 6.5

T F The router has a single configuration mode to handle all configuration [...]

Question 6.6

T F Cisco routers provide multiple levels of password protection.

Question 6.7

T F Cisco routers support configuration parameters that aid in router identification.

Question 6.8

T F Cisco IOS Release 10.3 or later uses the copy configure command to save
configuration files.

Question 6.9 

What command is used to enter global configuration mode and specify that
configuration commands will originate from the terminal?

Question 6.10 

What command defines a login banner? 

Question 6.11 

What command is used to create a message-of-the-day banner? 

Question 6.12 

What must you enter after the message-of-the-day banner command to indicate the end 
of the banner message? 


Question 6.13 

What command string puts you in interface configuration mode for interface Serial 1?

Question 6.14

If you set both the enable and secret passwords, which one is used to enter privileged 
EXEC mode? 


Question 6.15 

What command do you use to verify that interface Serial 1 is cabled as a DCE interface? 


Question 6.16 

What command do you use to enable an interface? 


Question 6.17 

In what mode must the router be before you can issue the no shutdown command? 


Question 6.18 

What command do you issue to obtain the current Configuration Register setting? 





Question 6.19

What commands boot the system file from Flash? ROM? TFTP server?


Discovering and Accessing Other Cisco Routers


This chapter discusses the Cisco Discovery Protocol (CDP) and how you can use it to 
view interface and CDP configuration parameters on your local router. However, CDP 
is most commonly used to obtain protocol addresses and platform information about 
neighboring routers. 

The screens in this section reflect Cisco IOS Release 11.2(6). If you are running a
different version, your screens may vary from those shown.


Cisco Discovery Protocol Overview 

CDP provides a single proprietary command that enables you to access a summary of 
the multiple protocols and addresses configured on other directly connected routers. 

CDP runs over a data link layer connecting lower physical media and upper network-layer
protocols, as shown in Figure 7-1. Because CDP operates at this level, two or more CDP
devices that support different network-layer protocols can learn about each other.

Physical media that support the Subnetwork Access Protocol (SNAP) connect CDP 
devices. These physical media can include all LANs, Frame Relay and SMDS WANs, 
and ATM networks. 

When a Cisco device running Cisco IOS Release 10.3 or later boots up, CDP starts up
by default and automatically discovers neighboring Cisco devices running CDP. In the
past, the ability to obtain information about remote devices required tools provided by
TCP/IP. With CDP, discovery of devices now extends beyond those devices running
TCP/IP [...]

Figure 7-1 CDP enables discovery on multiprotocol networks.

Figure labels: TCP/IP, Novell, AppleTalk, Others; Addresses. CDP discovers and shows
information about directly connected Cisco devices.

CDP runs on all Cisco-manufactured equipment, including:

• Access servers

• Workgroup switches

Once CDP discovers a device, it [...]
address entries used on the discovered device's port [...]
Protocol (DDP), DECnet, CLNS, and others.

CDP uses an assigned HDLC [...] type value.
CDP must run on media that support [...]
an analyzer on your network, the analyzer [...] that an “unknown protocol” is on your
network. You should be [...] the format for CDP exchanges so you don't spend time
trying [...] The SNAP format for CDP [...] where aaaa03 is the LLC, 00000c [...]
and 2000 is the HDLC protocol type for CDP.

The CDP process sends and [...]
a specific multicast address (0100.0ccc.cccc). [...] sending and receiving
hello-type updates, each CDP device learns about other devices and can determine
if any medium in the data link [...] (MIB) [...]
Cisco IOS Release 10.3 [...]


Using CDP on a Local Router

CDP is enabled by default at the global level and on each interface in order to send or 
receive CDP information. Advertisement and discovery using CDP involves data-link 
frame exchanges, and only directly connected neighbors exchange CDP frames. 

To disable CDP on a router, enter the following command in global configuration mode:

Router(config)#no cdp run

To disable CDP on a specific interface, enter the following command in interface
configuration mode:

Router(config-if)#no cdp enable

The show cdp interface command displays information about your own router
interfaces, as shown in Figure 7-2. The interface values include the CDP timers, the interface
status, and the encapsulation used by CDP for advertisement and discovery frame
transmission.



Figure 7-2 Using the show cdp interface command on router A reveals information about the
router's own interfaces.


The sending time indicates the interval at which CDP frames are sent. The holdtime
indicates a Time To Live (TTL) for what CDP sends. Neighbors that receive a holdtime
value must discard the CDP information about the device if the time specified elapses
before the neighbor receives another transmitted TTL value. Also, to prevent obsolete
information, prior to losing power a router transmits a TTL frame with a value of zero.
CDP devices receiving this frame discard information about the disabled device.
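
The overview above notes that an analyzer may report CDP as an unknown protocol, and this section
describes the holdtime (TTL) carried in each update. The following Python code is an added
example, not code from the book or from Cisco, that recognizes a CDP frame by the multicast
address 0100.0ccc.cccc and the SNAP values aaaa03, 00000c, and 2000 given in the text, then reads
the holdtime and neighbor identity. The header layout (version, TTL, checksum, then
type/length/value records), the TLV type codes, and the function names are assumptions not stated
on this page; the frame is a constructed sample and the checksum is not verified.

```python
import struct

CDP_MULTICAST = bytes.fromhex("01000ccccccc")      # 0100.0ccc.cccc, from the text
LLC_SNAP_CDP = bytes.fromhex("aaaa0300000c2000")   # LLC aaaa03, 00000c, type 2000
# TLV type codes: assumption, not listed on this page.
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id", 0x0006: "platform"}


def parse_cdp_payload(payload):
    """Parse the CDP header and TLVs that follow the SNAP header.
    Raises ValueError on truncated or inconsistent lengths."""
    if len(payload) < 4:
        raise ValueError("CDP header truncated")
    version, ttl, _checksum = struct.unpack("!BBH", payload[:4])
    # A holdtime of zero tells neighbors to discard what they hold for this device.
    info = {"version": version, "holdtime": ttl, "flush": ttl == 0}
    offset = 4
    while offset < len(payload):
        if len(payload) - offset < 4:
            raise ValueError("TLV header truncated at offset %d" % offset)
        tlv_type, tlv_len = struct.unpack("!HH", payload[offset:offset + 4])
        # The length covers the 4-byte TLV header, so it can never be below 4.
        if tlv_len < 4 or offset + tlv_len > len(payload):
            raise ValueError("bad TLV length %d at offset %d" % (tlv_len, offset))
        name = TLV_NAMES.get(tlv_type)
        if name:
            info[name] = payload[offset + 4:offset + tlv_len].decode("ascii", "replace")
        offset += tlv_len
    return info


def parse_cdp_frame(frame):
    """Return CDP fields for an 802.3/SNAP frame, or None if the frame is not CDP."""
    if len(frame) < 22:
        return None
    dst, src = frame[0:6], frame[6:12]
    (length,) = struct.unpack("!H", frame[12:14])
    # Values above 1500 are an Ethernet II type field, not an 802.3 length.
    if dst != CDP_MULTICAST or length > 1500 or frame[14:22] != LLC_SNAP_CDP:
        return None
    if length < 8 or 14 + length > len(frame):
        raise ValueError("802.3 length field does not match the frame")
    info = parse_cdp_payload(frame[22:14 + length])
    info["source_mac"] = ":".join("%02x" % b for b in src)
    return info


def build_sample_frame(ttl, device_id="routerB.cisco.com", port_id="Ethernet0",
                       platform="AGS"):
    """Build a constructed CDP frame; the names echo the show cdp neighbors figure."""
    def tlv(tlv_type, text):
        value = text.encode("ascii")
        return struct.pack("!HH", tlv_type, 4 + len(value)) + value
    payload = struct.pack("!BBH", 1, ttl, 0)        # version 1, checksum left as 0
    payload += tlv(0x0001, device_id) + tlv(0x0003, port_id) + tlv(0x0006, platform)
    body = LLC_SNAP_CDP + payload
    src = bytes.fromhex("00000c123456")             # constructed source MAC
    return CDP_MULTICAST + src + struct.pack("!H", len(body)) + body


if __name__ == "__main__":
    print(parse_cdp_frame(build_sample_frame(180)))
    print(parse_cdp_frame(build_sample_frame(0))["flush"])
```

Run against captured frames, the same parser shows which interfaces are advertising device names
and platforms to their neighbors, which is the information needed to decide where no cdp enable
belongs.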


Altering CDP Parameters 

Routers use CDP to constantly update neighboring devices about the state of the router
and its interfaces. The CDP timer regulates how often updates are transmitted. The
default value for the CDP timer is 60 seconds. You can alter the CDP timer to send
updates using a shorter or longer time interval, as shown in Figure 7-3. Decreasing the
timer interval provides faster updates to neighboring routers but increases your
bandwidth usage.

Figure 7-3: You can alter CDP's timer and holdtime parameters.


Router A# (config)# cdp timer 30
Router A# (config)# exit
Router A# show cdp interface
Serial0 is up, line protocol is up
Encapsulation is HDLC
Sending CDP packets every 30 seconds
Holdtime is 180 seconds


Router A# (config)# cdp holdtime 90
Router A# (config)# exit
Router A# show cdp interface
Serial0 is up, line protocol is up
Encapsulation is HDLC
Sending CDP packets every 30 seconds
Holdtime is 90 seconds


To alter the CDP timer, enter the following command in global configuration mode:
Router(config)#cdp timer [seconds]

where [seconds] represents the interval between updates.

The holdtime indicates how long the CDP packets being sent from your router should
be held by the receiving device before being discarded. The default value is 180 seconds.
If the device receives a more recent update or if this holdtime value expires, the device
must discard the CDP entry. You might want to set the holdtime lower than the default
setting if information about your router changes often and you want the receiving
devices to purge this information more quickly.

To alter the CDP holdtime, enter the following command in global configuration mode:
Router(config)#cdp holdtime [seconds]

where [seconds] represents the amount of time a receiving device should hold the
information sent by your device before discarding it.


Showing CDP Neighbors

The primary use of CDP is to discover platform and protocol information on your
neighboring devices. Use the show cdp neighbors command to display the CDP updates
received on the local router, as shown in Figure 7-4.


Router A# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge,
                  S - Switch, H - Host, I - IGMP
Device ID            Local Intrfce   Holdtime   Capability   Platform   Port ID
RouterB.cisco.com    Eth0            151        RT           AGS        Eth 0
RouterB.cisco.com    Ser0            165        RT           AGS        Ser3

Router A# show cdp neighbors detail
Device ID: routerB.cisco.com
Entry address(es):
  IP address: 198.92.68.18
  CLNS address: 490001.1111.1111.1111.00
  Appletalk address: 10.1
Platform: AGS, Capabilities: Router Trans-Bridge
Interface: Ethernet0, Port ID (outgoing port): Ethernet0
Holdtime: 143 sec


Figure 7-4: The command show cdp neighbors displays the results of the CDP discovery
process.

Notice that for each local port, the display shows the following:

• Neighbor device ID —For example, the router’s configured host name and
domain name, if any

• Local port type and number —An ASCII character string such as Ethernet 0

• Decremental holdtime value in seconds

• Neighbor’s device capability code —For example, if the device acts as a
source-route bridge as well as a router

• Hardware platform of the neighbor

• Neighbor's remote port type and number


Key Concept: The show cdp neighbors command displays a complete profile of neighbor
routers and is the most widely used of the show cdp commands.


In the example in Figure 7-4, a neighbor's device name contains a domain name;
therefore, the Device ID column for router B displays a domain-name entry in the form
company.com. To check the device as a single target, include the domain by entering the
command variation show cdp entry routerB.cisco.com.


Showing CDP Entries for a Neighboring Device 

The show cdp entry device-name command displays a CDP entry for a specific
neighboring router. Use the asterisk (*) in place of the device name as a wildcard to
display information for all directly attached devices.

As shown in Figure 7-5, the output from this command includes all the Layer 3
addresses present in the neighbor router B. You can see the IP, CLNS, and DECnet
network addresses of the targeted CDP neighbor with the single command entry on
router A.


Figure 7-5: Enter the specific Cisco router device name to view its CDP information.


Router A# show cdp entry routerB
Device ID: routerB
Entry address(es):
  IP address: 198.92.68.18
  CLNS address: 490001.1111.1111.1111.00
  Appletalk address: 10.1
Platform: AGS, Capabilities: Router Trans-Bridge
Interface: Ethernet0, Port ID (outgoing port): Ethernet0
Holdtime: 155 sec

Version:
IOS (tm) GS Software (GS3), 11.2(13337) [asastry 161]
Copyright (c) 1986-1996 by Cisco Systems, Inc.
Compiled Tue 14-May-96 1:04


The holdtime value for a neighboring router indicates how long ago the CDP frame
arrived with this information. The display also includes abbreviated version
information about router B.

CDP was designed and implemented as a very simple, low-overhead protocol. A CDP
frame can be as small as 80 octets, mostly made up of the ASCII strings that represent
information like that shown in Figure 7-5.

If the device name has been configured with a domain name, you must enter it as part
of the target device name. For example, if router B were running with a configuration
containing a domain-name entry in the form company.com, you would include the
domain by entering the CDP command variation show cdp entry routerB.cisco.com.

Note that the CDP entry device name is case sensitive. In the example in Figure 7-5, the
show cdp entry command will display only CDP information for device name routerB.
The command will not display CDP information for any other derivation of the device
name, such as RouterB, routerb, or ROUTERB.


Summary 

CDP is one way to learn about other routers on the network. In Part 2, “Networking
Protocol Suites,” you learn other methods, such as ping and Telnet, to discover remote
router information. Ping and Telnet require that you know the address of the router you
are trying to contact. Use CDP to determine that address.
Chapter Seven Test

Discovering and Accessing Other Cisco Routers

Estimated Time: 15 minutes

Complete all the exercises to test your knowledge of the materials contained in this
chapter. Answers are listed in Appendix A, “Chapter Test Answer Key.”

Question 7.1 

T F CDP is a protocol and media independent tool. 

Question 7.2 

T F CDP displays information about directly connected routers, hubs, and manage¬ 
ment consoles. 

Question 7.3 

T F CDP sends and receives updates at regular intervals. 

Question 7.4 

T F CDP can be enabled by router or by interface. 

Question 7.5 

T F CDP is off by default. 

Question 7.6 

T F CDP uses broadcasts for discovery. 


Question 7.7 

T F CDP is used only for discovery on LANs. 
Question 7.8

What is the purpose of the CDP timer setting? 

Question 7.9 

Why would you consider disabling CDP? 

Question 7.10 

What is the purpose of the CDP holdtime parameter?

Question 7.11 

How can you identify CDP packets on your network? 



















TCP/IP Overview 


The Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols was
developed as part of the research done by the Defense Advanced Research Projects
Agency (DARPA). It was originally developed to provide communication between
devices connected through DARPA. Now TCP/IP is the de facto standard for
internetwork communications and serves as the transport protocol for the Internet,
enabling millions of computers to communicate globally. Originally, TCP/IP was
included with the Berkeley Software Distribution of UNIX to connect UNIX hosts that
were remote to each other, as shown in Figure 8-1.


Figure 8-1: TCP/IP is the transport used on the Internet. (Diagram labels: UNIX Host,
Internet, TCP/IP.)
were just beginning to face the problem that virtually all companies with networks now
have: how to establish communication between dissimilar computer systems. 
Packet-switched networks enable companies to connect to an internetwork cloud that 
handles getting information from one location to another without a direct connection 
or link between two end devices. 

For more information about the history of TCP/IP, refer to the following World Wide
Web address:

http://www.ietf.cnri.reston.va.us/home.html

This book focuses on TCP/IP for several reasons:

• TCP/IP is a universally available protocol that you will most likely use at work. 

• TCP/IP is a useful reference for understanding other protocols because it 
includes elements that are representative of other protocols. 

• TCP/IP is important because the router uses it as a configuration tool. The 
router uses Telnet for remote configuration, TFTP to transfer configuration 
files and operating system images, and SNMP for network management. 


TCP/IP Protocol Stack

The TCP/IP Internet protocols can be used to communicate across any set of
interconnected networks. They are equally well suited for both LAN and WAN
communication. The TCP/IP Internet protocol suite includes not only Layer 3 and 4
specifications (such as IP and TCP), but also specifications for such common
applications as e-mail, remote login, terminal emulation, and file transfer.

The TCP/IP protocol stack maps closely to the OSI reference model in the lower layers.
All standard physical and data-link protocols are supported. The TCP/IP stack, also
called the DARPA model, consists of only four layers that are closely associated to the
OSI model:

• Application layer —Defines the upper-layer functionality included in the
application, presentation, and session layers of the OSI model. This includes support
for the communicating component of an application, code formatting and
conversion, and session establishment and maintenance between applications.

• Transport layer —Defines connectionless and connection-oriented transport
functionality

• Internet layer —Defines internetworking functionality for routed protocols

• Network interface layer —Defines the data-link properties and media access 
methods 

The four-layer TCP/IP protocol stack is shown in Figure 8-2. 


Figure 8-2: The four-layer model that TCP/IP is mapped to is similar to the OSI model
in defined functionality. (Diagram panels: OSI Reference Model; TCP/IP Conceptual
Layers. Network interface examples: Ethernet, 802.3, 802.5, FDDI, and so on.)

TCP/IP information is transferred in a sequence of datagrams. One message may be
transmitted as a series of datagrams, which are then reassembled into the message at the
receiving location. The terms packet and datagram are nearly interchangeable. However,
a datagram is a unit of data, whereas a packet is a physical entity that appears on
a network. In most cases, a packet contains a datagram. In some protocols, though, a
datagram is divided into a number of packets to accommodate a requirement for
smaller transmittable pieces.

Creation and documentation of the Internet protocols closely resembles an academic
research project. The protocols are specified in documents called RFCs (Request for
Comments). RFCs are published, reviewed, and analyzed by the Internet community.
One of the most interesting RFCs is RFC 1700, which lists the assigned numbers for the
Internet community. Another important RFC is RFC 791, which covers IP functionality.


Application Layer Overview

Application protocols exist for file transfer, e-mail, and remote login and map to the
functionality defined in the application layer of the TCP/IP model. Network management
is also supported at the application layer, as shown in Figure 8-3.

Figure 8-3: Some applications can reside on a router.



Many of these applications can reside on a router or host device, as well. For example,
TFTP (Trivial File Transfer Protocol) and Telnet are applications that may be used to access
and configure a router. If a router supports SNMP (Simple Network Management
Protocol), the router can be managed by another SNMP device with sufficient permissions.
Finally, DNS (Domain Name System) enables a router to reply to DNS host name queries.


Transport Layer Overview 

The transport layer performs several functions, including: 

• Flow control provided by sliding windows 

• Reliability provided by sequence numbers and acknowledgments 

Two protocols are provided at the transport layer: TCP and UDP (see Figure 8-4). 

• TCP is a connection-oriented, reliable protocol. It is responsible for breaking
messages into segments, reassembling them at the destination station,
resending anything that is not received, and reassembling messages from the
segments. TCP supplies a virtual circuit between end-user applications.

• UDP is connectionless and unacknowledged. Because it has eliminated all of the
acknowledgment mechanisms, UDP is fast and efficient. UDP does not divide
application data into pieces. Reliability is assumed to be handled by the
upper-layer protocols, by a reliable lower-layer protocol, or by an error-tolerant
application.

Figure 8-4: Application developers can select a connection-oriented (TCP) or
connectionless (UDP) transport. (Diagram labels: Transmission Control Protocol (TCP),
User Datagram Protocol (UDP).)

Typically, TCP connections are slower to establish, but they provide data streaming and 
very fast, guaranteed delivery of information. UDP, on the other hand, does not use a 
setup routine, but it also does not provide guaranteed delivery. If packets are lost in a 
UDP communication, the upper layer must have timers and timeout mechanisms in 
place to retry the transmission. 

TCP Segment Format 

Figure 8-5 shows the TCP segment format.

Figure 8-5: TCP segment format (field widths in bits, as they survive from the figure)

Field                    Bits
Source Port              16
Dest. Port               16
Sequence Number          32
Acknowledgment Number    32
Window                   16
Checksum                 16
Urgent                   16
Option                   0 or 32

Field definitions in the TCP segment include the following: 

• Source Port —Number of the sending port; identifies upper-layer protocol in 
sending host 

• Destination Port —Number of the destination port; identifies upper-layer 
protocol in destination host 

• Sequence Number —Position in the sender’s byte stream of the data in the
segment; used to establish reliability

• Acknowledgment Number —Next expected TCP octet; used to establish
reliability

• HLEN —Number of 32-bit words in the header; indicates where the data
begins

• Reserved —Set to zero

• Code Bits —Control functions (such as SYN bits for setup and FIN bits for
termination of a session)

• Window —Number of octets that the sender is willing to accept; size of receive
buffers

• Checksum —Calculated checksum of the header and data fields; verifies
datagram arrives intact

• Urgent Pointer —Indicates the end of the urgent data; used to signify
out-of-band data

• Option —One currently defined: maximum TCP segment size; used by vendors
to enhance their protocol offering

• Data —Upper-layer protocol data
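
The field list above maps directly onto a byte-level decoder. The following added example (not from the book) unpacks each field, the six code bits and the maximum segment size option from a constructed SYN segment addressed to Telnet port 23; the function names and sample values are assumptions for illustration, and the sample checksum is left at zero rather than computed.

```python
import struct

# The six code bits, lowest bit first: FIN=0x01, SYN=0x02, RST=0x04,
# PSH=0x08, ACK=0x10, URG=0x20.
CODE_BITS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


def parse_mss_option(options):
    """Return the maximum segment size option value, or None if absent."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:              # end of option list
            break
        if kind == 1:              # no-operation padding, one byte long
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated TCP option")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad TCP option length")
        if kind == 2 and length == 4:
            return struct.unpack("!H", options[i + 2:i + 4])[0]
        i += length
    return None


def parse_tcp_segment(segment):
    """Decode the TCP header fields described in the list above."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (src, dst, seq, ack, hlen_bits, window, checksum,
     urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    hlen_words = hlen_bits >> 12           # HLEN: header length in 32-bit words
    header_len = hlen_words * 4
    if hlen_words < 5 or header_len > len(segment):
        raise ValueError("HLEN does not fit the segment")
    code = hlen_bits & 0x3F
    return {
        "src_port": src,
        "dst_port": dst,
        "seq": seq,
        "ack": ack,
        "hlen_bytes": header_len,
        "reserved": (hlen_bits >> 6) & 0x3F,
        "code_bits": [n for bit, n in enumerate(CODE_BITS) if code & (1 << bit)],
        "window": window,
        "checksum": checksum,
        "urgent_pointer": urgent,
        "mss": parse_mss_option(segment[20:header_len]),
        "data": segment[header_len:],      # HLEN marks where the data begins
    }


# Constructed sample: a client's opening SYN from source port 1028 to Telnet
# (port 23), sequence number 1000, window 4096, one MSS option of 1460.
# The checksum field is left at zero; this sample is not a captured packet.
SAMPLE_SYN = struct.pack(
    "!HHIIHHHH", 1028, 23, 1000, 0, (6 << 12) | 0x02, 4096, 0, 0
) + bytes([2, 4, 0x05, 0xB4])

if __name__ == "__main__":
    for name, value in parse_tcp_segment(SAMPLE_SYN).items():
        print(name, value)
```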

Port Numbers 

Both TCP and UDP use port (or socket) numbers to pass information to the upper
layers. Port numbers are used to keep track of different conversations crossing the
network at the same time.

Application software developers agree to use well-known port numbers that are defined
in RFC 1700. For example, any conversation bound for the FTP application uses the
standard port number 21, as shown in Figure 8-6.

In most cases, the TCP port number on one side of a conversation is the same on the
other side. For example, when a file transfer takes place, the software on one host is
communicating with a peer application on another host.

In the example in Figure 8-7, you see a Telnet (TCP port 23) session. It is possible to
have multiple Telnet sessions running simultaneously on a host or router. Telnet selects
an unused port number above 1023 to represent the source port for each independent
session. Notice that the destination port is still 23.

Port numbering is important to understand in order to configure IP extended access
lists. Extended access lists can block or forward data based on these numbers. Extended
access lists are covered in greater detail in Chapter 13, “Basic Traffic Management with
Access Lists.”

TCP Handshake/Open Connection 

For a connection to be established or initialized, the two TCPs (that is, the processes or
end stations at each end) must synchronize on each other’s initial sequence numbers
(ISN). Sequence numbers are used to track the order of communications and to ensure
that there are no missing pieces of data in a communication that requires multiple
packets. The initial sequence number is the starting number used when the TCP
connection is established.

Synchronization is accomplished by exchanging segments carrying the ISNs and a
control bit called SYN (for synchronize). (As a shorthand, segments carrying the SYN bit
are also called SYNs.) Successful connection requires a suitable mechanism for picking
an initial sequence number and a slightly involved handshake to exchange the ISNs.

Synchronization requires that each side send its own ISN and receive a confirmation
and ISN from the other side of the connection. Each side must receive the other side’s
ISN and send a confirming acknowledgment in a specific order, outlined in the
following steps:


1. A --> B  SYN  my sequence number is X

2. A <-- B  ACK  your sequence number is X

3. A <-- B  SYN  my sequence number is Y

4. A --> B  ACK  your sequence number is Y


Because the second and third steps can be combined in a single message, this exchange
is called the three-way handshake, as shown in Figure 8-8.

(Figure caption: Data cannot be exchanged until the three-way handshake has been
successfully completed.)

This sequence is like two people talking. The first person wants to talk to the second,
so she says, “I would like to talk with you.” (SYN.) The second person responds,
“Good. I want to talk with you.” (SYN, ACK.) The first person then says, “Fine; let’s
talk.” (ACK.)

A three-way handshake is necessary because sequence numbers are not tied to a global
clock in the network, and TCPs may have different mechanisms for picking the ISN.
The receiver of the first SYN has no way of knowing if the segment was an old delayed
one, unless it remembers the last sequence number used on the connection (which is not
always possible), and so it must ask the sender to verify this SYN.

At this point, either side can begin communicating, and either side can break the
connection. TCP is a peer-to-peer (balanced) communication method.
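
The handshake steps above can be checked mechanically against a list of observed segments. The following added example (not from the book) follows one connection attempt from A to B and reports how far it got, which is how a monitor tells a completed handshake from one left half open or answered with a stale acknowledgment. It assumes the on-the-wire convention that an acknowledgment carries the next expected sequence number, so the ACK for ISN X is X + 1; the state labels, function name and sample segments are constructed for illustration.

```python
from collections import namedtuple

# One observed segment: sender, receiver, set of code bits, sequence number
# and acknowledgment number.
Segment = namedtuple("Segment", "src dst flags seq ack")

MOD = 2 ** 32  # sequence numbers are 32 bits wide and wrap around


def handshake_state(segments, client, server):
    """Follow one client-to-server connection attempt through the handshake.

    Returns CLOSED, SYN_SENT, SYN_RECEIVED, ESTABLISHED or RESET
    (labels chosen for this example).
    """
    state, x, y = "CLOSED", None, None
    for seg in segments:
        flags = set(seg.flags)
        from_client = (seg.src, seg.dst) == (client, server)
        from_server = (seg.src, seg.dst) == (server, client)
        if state == "CLOSED":
            if from_client and flags == {"SYN"}:
                x, state = seg.seq, "SYN_SENT"        # step 1: ISN X
        elif state == "SYN_SENT":
            if from_server and "RST" in flags:
                return "RESET"
            if (from_server and flags == {"SYN", "ACK"}
                    and seg.ack == (x + 1) % MOD):
                y, state = seg.seq, "SYN_RECEIVED"    # steps 2 and 3 combined
            # A SYN/ACK that acknowledges any other number does not confirm
            # this SYN (for example an old delayed segment) and is ignored.
        elif state == "SYN_RECEIVED":
            if (from_client and flags == {"ACK"}
                    and seg.seq == (x + 1) % MOD
                    and seg.ack == (y + 1) % MOD):
                return "ESTABLISHED"                  # step 4
    return state


# Constructed sample exchanges between stations "A" and "B".
COMPLETE = [
    Segment("A", "B", {"SYN"}, 1000, 0),
    Segment("B", "A", {"SYN", "ACK"}, 5000, 1001),
    Segment("A", "B", {"ACK"}, 1001, 5001),
]
HALF_OPEN = COMPLETE[:2]                 # B answered, A never confirmed
STALE_REPLY = [
    Segment("A", "B", {"SYN"}, 1000, 0),
    Segment("B", "A", {"SYN", "ACK"}, 5000, 777),   # acknowledges a different ISN
]

if __name__ == "__main__":
    for name, trace in [("complete", COMPLETE), ("half open", HALF_OPEN),
                        ("stale reply", STALE_REPLY)]:
        print(name, handshake_state(trace, "A", "B"))
```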

TCP Simple Acknowledgment and Windowing 

The window size determines how much data the receiving station can accept at one 
time. With a window size of 1, each set of bytes must be acknowledged before another 
set of bytes is transmitted, which results in inefficient use of bandwidth by the hosts. 

The purpose of windowing is to improve flow control and reliability. Unfortunately,
with a window size of 1, you see a very inefficient use of bandwidth, as shown in
Figure 8-9.

To govern the flow of data between devices, TCP uses a flow control mechanism. The
receiving TCP reports a window to the sending TCP. This window specifies the number

Figure 8-9

manage buffer space and processing. A larger window size allows more
data to be processed.

You can find more information on windowing in RFCs 793 and 813. Also, you can find
an explanation of basic TCP windowing in TCP/IP Illustrated, Vol. 1, by Richard W.
Stevens (New York, New York: Addison-Wesley, 1994).
TCP Sequence and Acknowledgment Numbers

TCP provides sequencing of segments by numbering each datagram before
transmission. At the receiving station, TCP reassembles the segments into a complete
message. If a sequence number is missing in the series, that segment is retransmitted.
Segments that are not acknowledged within a given time period result in retransmission.

The sequence and acknowledgment numbers are directional, which means that the
communication occurs in both directions. Figure 8-11 highlights the communication
going in one direction. The sequence and acknowledgments take place with the sender
on the right. TCP provides full-duplex communication. Acknowledgments provide
reliability. Another example of a sequenced, connection-oriented protocol is SPX
(Sequenced Packet Exchange) for NetWare.

Figure 8-12: UDP has no sequence or acknowledgment fields.

UDP Segment Format 

UDP uses no windowing or acknowledgments. Application-layer protocols can provide
reliability. UDP is designed for applications that do not need to put sequences of
segments together.

Protocols that use UDP include TFTP, SNMP, Network File System (NFS), and Domain 
Name System (DNS). As you can see in Figure 8-12, a UDP header is relatively small 
(only eight bytes). However, DNS can use TCP, as well. 



An example that shows how reliability is handled when using UDP is TFTP (Trivial File 
Transfer Protocol). TFTP uses a checksum. At the end of the transfer, if the checksum 
does not match, the file did not make it. The user is notified and must type the command 
again. As a result, the user has become the reliability mechanism. 

Internet Layer Overview 

The Internet layer of the TCP/IP stack corresponds to the network layer of the OSI
model. Each layer is responsible for getting packets through an internetwork using
software addressing.

As shown in Figure 8-13, two protocols operate at the TCP/IP Internet layer, which
corresponds to the OSI network layer. These include:

• IP, which provides connectionless, best-effort delivery routing of datagrams. It
is not concerned with the content of the datagrams. Instead, it looks for a way
to move the datagrams to their destinations.

• Internet Control Message Protocol (ICMP), which provides control and
messaging capabilities.

Note that routing protocols are usually considered layer-management protocols that
support the network layer. OSPF is totally contained within the network layer.

IP Datagram

Figure 8-14 shows the format of an IP datagram. IP datagrams contain an IP header
and data and are surrounded by the MAC layer header and MAC layer trailer.

Field definitions within this IP datagram are as follows:

• VERS —Version number; the current popular version is IP version 4; the next 
generation of IP (called IPng) is IP version 6. IPng is covered in RFC 1752. 

• HLEN —Header length in 32-bit words; indicates where the transport header 
starts. 

• Type of Service —How the datagram should be handled; specifies reliability, 
precedence, delay, and throughput parameters. 

• Total Length —Total length (header and data); this includes all upper-layer 
headers. 

• Identification, Flags, Frag Offset —Provides fragmentation and reassembly of
datagrams to allow differing MTUs (Maximum Transmission Units) or frame
sizes in the internetwork.

• TTL —Time To Live; Time To Live is a countdown field. Every station must
decrement this number by one or by the number of seconds it holds onto the
packet. When the counter reaches zero, the Time To Live expires, and the
packet is dropped. TTL keeps packets from endlessly wandering the Internet in
search of nonexistent destinations.

• Protocol —Identifies the upper-layer (Layer 4) protocol that should receive the
datagram. Although most IP traffic uses TCP, there are other protocols that can
use IP. Transport-layer protocols are numbered similarly to port numbers.

Note that protocol numbers connect, or multiplex, IP to the transport layer.
These numbers are standardized in RFC 1700. Cisco uses these numbers in
filtering with extended access lists.

• Header Checksum —Integrity check on the header.

• Source and Destination IP Addresses —32-bit IP addresses that identify the end
devices involved in the communication.

• IP Options —Network testing, debugging, security, and others.

Figure 8-15: ICMP provides error and control mechanisms.
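
The IP header fields listed above can be decoded and the header checksum verified in a few lines. The following added example (not from the book) parses a constructed 20-byte header and shows that decrementing TTL without recomputing the checksum makes the integrity check fail. The function names are assumptions for illustration, and the header reuses two addresses that appear elsewhere in this book as sample values.

```python
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # assigned protocol numbers


def ones_complement_sum(data):
    """16-bit one's-complement sum used by the IP header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_ip_header(packet):
    """Decode the header fields described in the list above."""
    if len(packet) < 20:
        raise ValueError("an IP header is at least 20 bytes")
    (vers_hlen, tos, total_length, ident, flags_frag, ttl, proto,
     checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = vers_hlen >> 4
    hlen = (vers_hlen & 0x0F) * 4          # HLEN is counted in 32-bit words
    if version != 4:
        raise ValueError("not an IP version 4 datagram")
    if hlen < 20 or hlen > len(packet):
        raise ValueError("HLEN does not fit the packet")
    return {
        "version": version,
        "hlen_bytes": hlen,
        "type_of_service": tos,
        "total_length": total_length,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        # A valid header sums to 0xFFFF when the checksum field is included.
        "checksum_ok": ones_complement_sum(packet[:hlen]) == 0xFFFF,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "options": packet[20:hlen],
    }


def build_sample_header(ttl=64):
    """Constructed header: TCP datagram, 40 bytes total, don't-fragment set."""
    fields = [0x45, 0, 40, 0x1C46, 0x4000, ttl, 6, 0,
              bytes([172, 16, 122, 204]), bytes([198, 92, 68, 18])]
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = ~ones_complement_sum(header) & 0xFFFF   # fill in the checksum
    return struct.pack("!BBHHHBBH4s4s", *fields)


def decrement_ttl_only(packet):
    """Decrement TTL but keep the old checksum (a deliberate fault)."""
    hop = bytearray(packet)
    hop[8] -= 1                            # TTL is the ninth byte of the header
    return bytes(hop)


if __name__ == "__main__":
    good = build_sample_header()
    print(parse_ip_header(good))
    print(parse_ip_header(decrement_ttl_only(good))["checksum_ok"])
```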


Internet Control Message Protocol (ICMP) 

ICMP resides at the Internet layer, as shown in Figure 8-15. 
ICMP is implemented by all TCP/IP hosts. ICMP messages are carried in IP
datagrams and use myriad types of defined messages. The following list shows some of
the most common and useful ICMP message types:

• Destination Unreachable— Report unreachable destination 

• Time Exceeded— Detect circular pockets 

• Parameter Problem— Faulty IP packet structure 

• Source Quench —Flow control 

• Redirect —Route change 

• Echo —Test reachability 

• Echo Reply —Test reachability 

• Timestamp —Clock sync—Transit time estimation 

• Timestamp Reply —Clock sync—Transit time estimation

• Information Request— Obtain a network address 

• Information Reply— Obtain a network address 

• Address Mask Request— Obtain a subnet mask 

Refer to RFC 1700 for a more complete list of ICMP messages. 


ICMP Testing 

If a router receives a packet that it is unable to deliver to its ultimate destination, the
router sends an ICMP host unreachable message to the source, as shown in Figure 8-16.

The message might be undeliverable because there is no known route to the destination.

ICMP is even simpler than UDP. ICMP does not use port numbers in its header because
ICMP messages are interpreted by the network software itself; therefore, no port
numbers are needed to determine the destination of the message. ICMP does, however,
include a type field, and it identifies the ICMP message type echo request

ICMP is a tremendous network design and troubleshooting tool.


An echo reply is a successful reply to a ping command; however, results could include 
other ICMP messages, such as unreachables and timeouts, that indicate the ping request 
couldn’t reach the destination. Figure 8-17 shows host A sending an echo request to 
host B. Upon receipt of the echo request, host B sends an echo reply back to host A. 
Another tool that uses ICMP is traceroute. Traceroute provides a list of the routers
along the path between two devices.

Address Resolution Protocol

Address Resolution Protocol (ARP) is used to resolve or map a known IP address to a
MAC sublayer address to allow communication on a multiaccess medium such as
Ethernet. To determine a destination address for a datagram, the ARP cache table is
checked. If the address is not in the table, ARP sends a broadcast looking for the
destination station, as shown in Figure 8-18.

On the local segment, RARP can be used to initiate a remote operating system load
sequence. For example, RARP can be used to boot diskless workstations over a
network. ARP and RARP are implemented directly on top of the data link layer.

Summary 

In this chapter, you read a brief overview of the TCP/IP protocol suite. You learned all
about the TCP/IP protocol stack, as well as the four TCP/IP conceptual layers. You also
reviewed the protocols maintained at the network layer, including IP (and the IP header
structure) and ICMP. Finally, this chapter covered MAC to IP address resolution with
ARP and RARP. The following two chapters, Chapter 9, “IP Addressing,” and Chapter
10, “IP Routing Configuration,” delve further into configuring an IP internetwork.
Estimated time: 15 minutes

Complete all the exercises to test your knowledge of the materials contained in this
chapter. Answers are listed in Appendix A, “Chapter Test Answer Key.” Use the
information contained in this chapter to answer the following questions.

Question 8.1

What are the four TCP/IP conceptual layers?

Question 8.2

Which OSI layer does IP map to?

Question 8.3

Which OSI layer does UDP map to?


Question 8.4

For each statement, write the name of the protocol being described.

Protocol Name    Statement
_____________    Maps a known IP address to a MAC sublayer address
_____________    Includes Layer 4 protocol ID in header
_____________    Used to send Destination Unreachable messages
_____________    Breaks messages into datagrams
_____________    Uses sequence numbers
_____________    Relies on application-layer reliability
_____________    Provides best-effort delivery
_____________    Reassembles datagrams into messages
_____________    Handshakes with receiving device
_____________    Used to send error and control messages
_____________    Provides connectionless transmission
_____________    Sends acknowledgments
_____________    Uses no windowing


IP Addressing 


This chapter presents the details of IP address classes, network and node addresses, and 
subnet masking. The test at the end of the chapter lets you evaluate your understanding 
of IP address configuration. 


TCP/IP Address Overview

In a TCP/IP environment, end stations communicate seamlessly with servers or other
end stations. This communication occurs because each node using the TCP/IP protocol
suite has a unique 32-bit logical address.

Often traffic is forwarded through the internetwork based on the name of an
organization rather than an individual person or host. If names are used instead of
addresses, the names must be translated to the numeric address before the traffic can be
delivered. Location of the organization will dictate the path the data follows through
the internetwork.

Each company listed on the internetwork is treated as a single network that must be
reached before an individual host within that company can be contacted. Each company
has an address; the hosts that populate that network share those same bits,
but each host is identified by the uniqueness of the remaining bits.

IP Addressing Overview

An IP address is 32 bits in length and has two parts:

• Network number

• Host number

The 32 bits are divided into four octets (an octet is eight bits; that is, one byte).
Although computers have no difficulty dealing with a 32-bit number, humans do;
therefore, you must translate the binary value of each octet into a decimal equivalent to
create an address format known as dotted-decimal notation, as shown in Figure 9-1. A
sample dotted-decimal address is 172.16.122.204.
Figure 9-1: IP addresses are four octets (or four bytes) long and contain a network and
host portion. (Diagram: a 32-bit address divided into four 8-bit octets, with network and
host portions; example addresses 172.16.122.204 and 172.17.122.204; UNIX host
172.16.122.204; Company A and Company B; networks 172.16.0.0 and 172.17.0.0.)


The allocation of addresses is managed by a central authority, the Internet Assigned 
Numbers Authority (IANA). 

This most common form of addressing reflects the widely used IP version 4. Faced with 
the problem of depleting available addresses, Internet Engineering Task Force (IETF) 
work is under way for a backward-compatible next generation of IP (IPng, now referred 
to as IPv6). 

IPv6 will offer expanded routing and addressing capabilities with 128-bit addresses 
rather than the 32-bit addresses shown in Figure 9-1. Addresses from both IP versions 
will coexist. Initial occurrences of the IPv6 addresses will probably be at locations with 
address translator software and firewalls. 

In some sections of this book, you will work with the addresses on the bit level, so you 
will convert these addresses into binary, make changes to them, and convert them back 
to decimal form. Refer to Appendix E, “Decimal to Hexadecimal and Binary Conversion
Table,” for a binary conversion table.

IP Address Classes 

When IP was first developed, there were no classes of addresses. Now, for ease of 
administration, the IP addresses are broken into classes, as shown in Figure 9-2. 
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N = Network number 
H = Host number

Class D: for multicast
Class E: for research

(Legend for Figure 9-2.)

The minimum value for an octet is 0; it contains all zeros. The maximum value for an 
octet is 255; it contains all ones. Later in this chapter, you’ll learn how the binary format 
is used in IP addressing. 




There are only 254 Class A addresses, but each address can support up to 16 million
hosts. There are 64,000 Class B addresses, which can support up to 64,000 hosts. There
are more than 16 million Class C addresses possible, each supporting up to 254 hosts.
(Class D and E addresses are also defined. Class D addresses start at 224.0.0.0 and are
for multicast purposes. Class E addresses start at 240.0.0.0 and are used for
experimental purposes by Internet designers and engineers.)

To calculate the number of host addresses possible, perform the following equation,
where N is the number of bits in the host portion:

(2^N - 2) = available host addresses

For example, consider the network address 200.99.44.0 (a Class C address). There are
eight bits available in the host portion. The formula is (2^8 - 2) = 254.

The reason you must subtract two from the number is to reserve two special host ID
numbers: all zeros and all ones. All zeros is used to indicate the network (for example,
200.99.44.0), and all ones in the host ID portion is reserved for a network broadcast
(for example, 200.99.44.255).

This addressing scheme allows the addresses to be assigned based on the size of the
network. This address design was based on the assumption that there would be many more
small networks than large networks in the world.

As the number of networks grows, classes may eventually be replaced by another
addressing mechanism, such as classless interdomain routing (CIDR). RFC 1467, “Status
of CIDR Deployment in the Internet,” presents information about CIDR. RFC 1817,
“CIDR and Classful Routing,” also presents CIDR information.

IP Address Bit Patterns 

Figure 9-3 shows the structure of Class A, B, and C addresses. 
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The value of the first byte of an address determines the class of the address, as well as 
how many bits make up the network portion of the address. The scope of each class is 
as follows: 

• Class A 

Range of network numbers: 1.0.0.0 to 126.0.0.0 
Number of host addresses: 16,777,214 (16,777,216 - 2) 

• Class B 

Range of network numbers: 128.0.0.0 to 191.255.0.0 
Number of host addresses: 65,534 (65,536 - 2) 

• Class C 

Range of network numbers: 192.0.0.0 to 223.255.255.0 
Number of host addresses: 254 (256 - 2) 

• Class D addresses include

Range of network numbers: 224.0.0.0 to 239.255.255.0 

The First Octet Rule 

The first octet rule states that the class of an address can be determined by the
numerical value of the first octet.

Once the first octet rule is applied, the router identifies how many bits it must match to 
interpret the network portion of the address (based on the standard address class), as 
shown in Figure 9-3. If there is no further identification of additional bits to use as part 
of the network address, the router can make a routing decision using this address. 

The range of class addresses is as follows, with the first octet represented in decimal: 

• 1 to 126—Class A address

• 128 to 191—Class B address

• 192 to 223—Class C address

• 224 to 239—Class D address

• 240 to 255—Class E address
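
The first octet rule, the default class masks, and the (2^N - 2) host count can be
applied mechanically to any address. The following Python sketch is an added example,
not part of the original text; the function name classify and the sample addresses in
the final loop are illustrative choices. It assumes that 127 is treated as loopback
(as the chapter notes) and that a first octet of 0, which the ranges above do not
list, is reported as unclassified.

```python
import ipaddress

# First-octet ranges from the list above: class name, range of first-octet values,
# and number of octets in the network number. Classes D and E have no
# network/host split, so their octet count is None.
CLASS_RANGES = [
    ("A", range(1, 127), 1),
    ("B", range(128, 192), 2),
    ("C", range(192, 224), 3),
    ("D", range(224, 240), None),
    ("E", range(240, 256), None),
]


def classify(dotted):
    """Apply the first octet rule and the default (classful) mask to one address."""
    addr = int(ipaddress.IPv4Address(dotted))
    first_octet = addr >> 24

    if first_octet == 127:
        return {"class": None, "role": "loopback"}
    match = next((c for c in CLASS_RANGES if first_octet in c[1]), None)
    if match is None:  # first octet 0 is in none of the listed ranges
        return {"class": None, "role": "outside the listed class ranges"}

    name, _, network_octets = match
    if network_octets is None:
        return {"class": name, "role": "multicast" if name == "D" else "experimental"}

    host_bits = 32 - 8 * network_octets
    host_field = (1 << host_bits) - 1        # all ones in the host portion
    default_mask = 0xFFFFFFFF ^ host_field   # all ones in the network portion
    host_number = addr & host_field

    if host_number == 0:
        role = "network address"             # all zeros: the wire itself
    elif host_number == host_field:
        role = "broadcast address"           # all ones: every host on the network
    else:
        role = "host address"

    return {
        "class": name,
        "network": str(ipaddress.IPv4Address(addr & default_mask)),
        "default_mask": str(ipaddress.IPv4Address(default_mask)),
        "host_bits": host_bits,
        "usable_hosts": 2 ** host_bits - 2,  # (2^N - 2): minus all zeros and all ones
        "role": role,
    }


if __name__ == "__main__":
    # Sample addresses taken from the chapter plus a few boundary values.
    for sample in ("172.16.122.204", "200.99.44.0", "200.99.44.255",
                   "126.0.0.1", "127.0.0.1", "224.0.0.0", "240.0.0.0"):
        print(sample, classify(sample))
```
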
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contains entries for network or wire addresses; it usually does not contain any informa¬ 
tion about hosts. 

An IP address and subnet address on an interface achieve three purposes: 

• Enable the system to process the receipt and transmission of packets 

• Specify the device's local address 

• Specify a range of addresses that share the cable with the device 

The router is able to distinguish the network portion from the host portion of the 
address by using a mask that you configure on the interface of the router. Masks also 
use dotted-decimal format. The default or standard mask for a Class B address looks 
like this: 255.255.0.0. 

The standard or default masks for Classes A, B, and C follow: 


• A—255.0.0.0 

• B— 255.255.0.0 

• C—255.255.255.0 


These default masks have all the network bits set to one. 


A value of zero refers to “this network” or “the wire itself” (for example, 172.16.0.0).
(It was also used for IP broadcasts in some early TCP/IP implementations, although it
is rarely found now.)

The use of all zeros is called subnet zero. By convention, subnet zero is now reserved
and cannot be used to represent interfaces, but refers to the wire itself. The routing
table

Figure 9-4: All hosts must have nonzero IP addresses.


Without Subnets 


The outside world sees the organization as a single network, and no detailed knowledge
of the internal structure is required. For example, in Figure 9-5, all datagrams
addressed to 172.16 are treated the same way, regardless of the third and fourth octet
of the address. A benefit of this configuration is the relatively short routing tables
that routers use.


Note that the number 127.0.0.0 is reserved for the loopback address. The loopback
address is used by a device to address itself internally. This technique is used to
test the local device's TCP/IP stack and identify possible stack corruption.


Concepts of IP Address Configuration 

This section focuses on basic concepts you need to understand before configuring an IP 
address. By examining various network requirements, you can select the correct class of 
address and define how to establish IP subnets. 

Host Addresses 

Each device or interface must have a non-zero host number. A host address of all ones
is reserved for an IP broadcast into that network, as shown in Figure 9-4.

Network addressing with the scheme set up so far has no way of distinguishing
individual segments (wires) within the network. Inside the cloud having no subnets, you
have a single large broadcast domain; all systems on the network encounter all the
broadcasts on the network. This type of configuration can result in relatively poor
network performance.

By default, this Class B address space defines one wire with 65,000 workstations on it. 
Subnets enable you to divide this wire into segments. 


Addressing with Subnets 

With subnets, the network address use is more efficient. There is no change in how the 
outside world sees the network, but within the organization, there is additional structure. 

In the example in Figure 9-6, the network 172.16.0.0 is subdivided or broken into four
subnets: 172.16.1.0, 172.16.2.0, 172.16.3.0, and 172.16.4.0. Routers determine the
destination network using the subnet address, thus limiting the amount of traffic on the
other network segments.

A network device uses a subnet mask to determine what part of the IP address is used
for the network, the subnet, and the host address or IP. A subnet mask is a 32-bit value
containing a number of one bits that correspond to the network and subnet portions of
the address, and a number of zero bits that correspond to the host portion.
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IP Addressing 


Given its own IP address and subnet mask, a device can determine if an IP packet is
destined for the following:

• A device on its own subnet 

• A device on a different subnet on its own network 

• A device on a different network 

A device can determine what class of address the device has been assigned from its own 
IP address. The subnet mask then tells the device where the boundary is between the 
subnet ID and the host ID. Subnet masks are discussed in greater detail in the following 
pages. 


Subnetting Addressing 


From the addressing standpoint, subnets are an extension of the network number.
Network administrators decide the size of subnets based on organization and growth needs.


Network devices use subnet masks to identify which part of the address is considered 
network and which part is used for host addressing, as shown in Figure 9-7. 




Figure 9-7: Subnet masking uses part of the host address as a subnet portion.
(Shown: the address divided into Network, Subnet, and Host fields; subnets 172.16.2.0
and 172.16.3.0; interface E0.)
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Subnet Mask 

As noted earlier, an IP address is 32 bits in size, written as four octets. A subnet mask 
is also 32 bits in size, written as four octets, and consists of a series of contiguous ones 
followed by contiguous zeros. Like IP addresses, subnet masks can be expressed in 
dotted-decimal as well as binary notation. 

Subnet masks indicate which of the bits in the host field of the IP address are used to 
specify different parts (subnets) of a particular network. Figure 9-8 shows an IP address 
and two relevant subnet masks. The first mask is the default mask. It reserves the first 
two bytes for the network portion and the last two bytes as the host portion. The second 
mask shown is a subnet mask that borrows bits from the host portion to increase the 
number of networks possible. 


Figure 9-8: The subnet mask identifies sections (subnets) of a larger network.
(Rows shown: IP Address, Default Subnet Mask, and 8-bit Subnet Mask, divided into
Network and Host portions; the 8-bit subnet mask uses host bits.)


The layout of the subnet mask field is as follows: 

• Binary 1 for the network bits

• Binary 1 for the subnet bits 

• Binary 0 for the host bits 


Decimal Equivalents of Bit Patterns 

Subnet bits come from the high-order bits of the host field. To determine a subnet mask
for an address, add the decimal values of each position that has a 1 in it. For example,
in Figure 9-9, the values of each bit position are shown. As you’ll notice, you perform
binary to decimal conversion by simply adding up the bit equivalents represented by a
1 in their bit position. For example:


224 = 128 + 64 + 32 




Because the subnet mask is not defined by the octet boundary but by bits, you need to
convert dotted-decimal addresses to binary and back into dotted-decimal. (Refer to
Appendix E for help with binary conversions.)

Figure 9-9: Each bit position has a decimal value.

128  64  32  16   8   4   2   1
  1   0   0   0   0   0   0   0   = 128
  1   1   0   0   0   0   0   0   = 192
  1   1   1   1   0   0   0   0   = 240
  1   1   1   1   1   1   1   1   = 255


Subnet Mask Without Subnets

A default subnet mask, also known as a standard or internal subnet mask, is associated
with an IP address when no subnetting is required. The first subnet mask in Figure 9-8
is a default mask. In binary, a default mask has all ones for the network portion of the
IP address and all zeros for the host portion.

The router extracts the IP destination address from the packet and retrieves the internal
subnet mask. The router examines the bits that have been masked off for the network
portion to obtain the network number. During the process of determining the network
address, the host portion of the destination address is removed. Routing decisions are
then based on the network number only.

In the example from Figure 9-7:

Packet IP address: 172.16.2.160
Default subnet mask: 255.255.0.0
Network: 172.16.0.0

With no subnetting, the network number that is extracted is 172.16.0.0.
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Subnet Mask with Subnets 

When subnetting of an IP address is required, the subnet mask consists of all ones for
the network and subnet portions of the address and zeros for the host portion. The
second mask in Figure 9-8 is an 8-bit subnet mask.

Continuing the example from Figure 9-7, with eight bits of subnetting, the extracted
network (subnet) number from the address 172.16.2.160 is 172.16.2.0:

Packet IP address: 172.16.2.160
8-bit subnet mask: 255.255.255.0
Network: 172.16.2.0

This is done by “borrowing” eight host bits. The subnet field is used to represent
subnetworks inside the network.

Subnet Planning 

In Figure 9-10, the network has been assigned a Class C address of 201.222.5.0. Assume
20 subnets are needed, with 5 hosts per subnet.

Figure 9-10: Consider the number of networks and hosts per network when selecting a
subnet mask. (Shown: Class C address 201.222.5.0; 20 subnets; 5 hosts per subnet;
subnets 201.222.5.8, 201.222.5.16, and 201.222.5.32.)

Select a subnet field size that yields enough subnetworks. In this example, choosing a
5-bit mask allows 30 subnets (2^5 = 32; 32 - 2 = 30 total subnets possible). In the
example, the subnet addresses are all multiples of eight, such as 201.222.5.8,
201.222.5.16, and 201.222.5.24.

The remaining bits in the last octet are used for the host field. The three bits in the
example allow enough hosts to cover the required five hosts per wire. The host numbers
will be 1, 2, 3, and so forth.

The final host addresses are a combination of the network/subnet “wire” starting 
address plus each host value. The hosts on the 201.222.5.16 subnet would be addressed 
as 201.222.5.17, 201.222.5.18, 201.222.5.19, and so forth. 

Key Concept: A host number of zero is reserved for the wire address, and a host value
of all ones is reserved for a network broadcast because it selects all hosts.

Table 9-1 shows a subnet planning example for a Class B address; a routing example
combines an arriving IP address with the subnet mask to derive the subnet number. The
extracted subnet number should be typical of the subnets generated during this
planning exercise. For an extended table of subnetting, refer to RFC 1878.


Table 9-1: Subnet planning example for a Class B address

Subnet Mask        No. Subnets
255.255.192.0      2
255.255.224.0      6
255.255.240.0      14
255.255.248.0      30
255.255.252.0      62
255.255.254.0      126
255.255.255.0      254
255.255.255.128    510
255.255.255.192    1022
255.255.255.224    2046
255.255.255.240    4094
255.255.255.248    8190
255.255.255.252    16,382












Class B Subnet Planning Example 

Consider a Class B subnet based on the following information: 

Subnet address: 172.16.2.0 
Subnet mask: 255.255.255.0 

The entire third byte of the address is available for subnetting; the entire fourth byte
is available for host addresses (172.16.2.1-172.16.2.254). The network address for this
subnet is 172.16.2.0. The broadcast address for this subnet is 172.16.2.255.

This network has eight bits of subnetting that provide up to 254 subnets and 254 host 
addresses. 


Class C Subnet Planning Example 

Class C addresses are much more difficult to subnet because you must split up the last
byte into two portions: the subnetwork portion and the host portion. In Figure 9-11, a
Class C network is subnetted to provide six host addresses and 30 subnets.


Table 9-2 should help in this process. The first column (No. Bits) indicates how many
bits must be borrowed from the host portion to create a subnetwork address. The second
column (Subnet Mask) provides the decimal value of the subnet mask used. Table 9-2
also indicates the number of subnetworks and hosts per subnetwork that are possible
with each of these masks.


Table 9-2: Class C subnet reference chart

No. Bits    Subnet Mask        No. Subnets    No. Hosts
2           255.255.255.192    2              62
3           255.255.255.224    6              30
4           255.255.255.240    14             14
5           255.255.255.248    30             6
6           255.255.255.252    62             2


Take a look at that Class C subnet shown in Figure 9-10 again. You’ve masked off five
bits of the host ID portion to use as the subnet area (11111000). Now the subnet mask
is as follows:

255.255.255.248 



The subnet number is defined based on the mask, as shown in Figure 9-11. 


IP Host Address:    201.222.5.121
Subnet Mask:        255.255.255.248
Subnet Address:     201.222.5.120

                    Network                        Subnet   Host
201.222.5.121:      11001001 11011110 00000101     01111  | 001
255.255.255.248:    11111111 11111111 11111111     11111  | 000
Subnet:             11001001 11011110 00000101     01111  | 000   = 201.222.5.120



Broadcast Addresses 

Broadcasting is supported on the Internet. Broadcast messages are those you want every
host on the network to see. The broadcast address is formed by using all ones within
the IP network address.

The Cisco IOS software supports two kinds of broadcasts:

• Directed broadcasts (subnet broadcasts)

• Flooded broadcasts (local broadcasts)

Flooded broadcasts (255.255.255.255) are not propagated but are considered local
broadcasts, as shown in Figure 9-12. Broadcasts directed into a specific network are
allowed and are forwarded by the router. These directed broadcasts contain all ones in
the host portion of the address.



Figure 9-11: In order to subnet a Class C address, you must borrow some of the host
bits to use for a subnet portion. (Mask 255.255.255.248 in binary:
11111111.11111111.11111111.11111000.)

Figure 9-12: You can broadcast locally or to a subnet. (Shown: subnet 172.16.1.0;
172.16.3.255 as a directed broadcast; 255.255.255.255 as a local network broadcast.)

You can also broadcast messages to all hosts within a single subnet and to all subnets
within a network. To broadcast a message to all hosts within a single subnet, the host
portion of the address contains all ones. The following example broadcasts messages to
all hosts in network 172.16, subnet 3 (assuming a 255.255.255.0 mask):

All hosts on a specific subnet = 172.16.3.255

You can also broadcast messages to all hosts on all subnets within a single network. To
broadcast a message to all hosts on all subnets within a single network, the host and
subnet portions of the address contain all ones. The following example broadcasts
messages to all hosts on all subnets in network 172.16:

All hosts on all subnets in a specific network = 172.16.255.255
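
The subnet extraction, planning counts, and broadcast addresses described in the
preceding sections all follow from one AND with the mask. The following Python sketch
is an added example, not part of the original text; the function name plan_subnet and
its result keys are illustrative choices. It assumes the chapter's counting
convention, in which the all-zeros and all-ones values are excluded from both the
subnet count and the host count.

```python
import ipaddress


def _int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def _dotted(value):
    return str(ipaddress.IPv4Address(value))


def plan_subnet(address, mask):
    """Derive subnet, broadcast and capacity figures from an address and subnet mask."""
    addr, mask_int = _int(address), _int(mask)
    host_field = mask_int ^ 0xFFFFFFFF
    # A valid mask is contiguous ones followed by contiguous zeros, so the
    # inverted mask must look like 0...01...1 (one less than a power of two).
    if host_field & (host_field + 1):
        raise ValueError(f"{mask} is not contiguous ones followed by zeros")

    first_octet = addr >> 24
    if first_octet >= 224:
        raise ValueError("Class D and E addresses are not subnetted")
    # Length of the default (class) mask, from the first octet rule.
    class_bits = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    mask_bits = bin(mask_int).count("1")
    if mask_bits < class_bits:
        raise ValueError(f"{mask} is shorter than the default mask for {address}")

    subnet_bits = mask_bits - class_bits      # bits borrowed from the host field
    host_bits = 32 - mask_bits
    subnet = addr & mask_int                  # the router's AND with the mask
    broadcast = subnet | host_field           # all ones in the host portion
    class_host_field = (1 << (32 - class_bits)) - 1
    network = addr & (0xFFFFFFFF ^ class_host_field)

    return {
        "network": _dotted(network),
        "subnet": _dotted(subnet),
        "subnet_broadcast": _dotted(broadcast),
        # All ones in both the subnet and host portions.
        "all_subnets_broadcast": _dotted(network | class_host_field),
        "first_host": _dotted(subnet + 1) if host_bits >= 2 else None,
        "last_host": _dotted(broadcast - 1) if host_bits >= 2 else None,
        "subnet_bits": subnet_bits,
        "subnets": max(2 ** subnet_bits - 2, 0),
        "hosts_per_subnet": max(2 ** host_bits - 2, 0),
    }


if __name__ == "__main__":
    # Address/mask pairs that appear in the chapter.
    for address, mask in (("172.16.2.160", "255.255.0.0"),
                          ("172.16.2.160", "255.255.255.0"),
                          ("201.222.5.121", "255.255.255.248"),
                          ("201.222.5.160", "255.255.255.240")):
        print(address, mask, plan_subnet(address, mask))
```
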
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Configuring IP Addresses 

Table 9-3 shows the address configuration commands. 


Table 9-3: ip address commands

Command Level        Command                                                      Purpose
Router(config-if)#   ip address ip-address subnet-mask                            Assigns an address and subnet mask to an interface; starts IP processing
Router#              term ip netmask-format {bitcount | decimal | hexadecimal}    Sets format of network mask for current session
Router(config-if)#   ip netmask-format {bitcount | decimal | hexadecimal}         Sets format of network mask for a specific line


Consider a Class C network 201.222.5.0 that is being split with a router. If a company
chooses a four-bit subnet (255.255.255.240) and assigns subnet address 201.222.5.160 to
one side, what is the broadcast address for this subnet?

Hint: Check the binary table for a number that would put all ones in the host IP
portion: 201.222.5.175. Therefore, this IP address cannot be assigned to an individual
station.


Configuration Commands 

Now that you have an understanding of the concepts behind IP addressing, this section
turns to the IOS commands used in configuring IP addresses and related routing
capabilities.


Use the ip address command to establish the IP network address of this interface. The 
command itself is followed by an IP address and subnet mask, both in dotted decimal 
form. 

As discussed, IP uses a 32-bit mask, called a subnet mask or netmask, that indicates
which address bits belong to the network and subnetwork fields and which bits belong
to the host field. The show ip interface command displays a summary of an interface's
IP information, including its IP address and netmask. By default, the netmask is
displayed in dotted-decimal notation. For example, a subnet would be displayed as
131.108.11.55 255.255.255.0.

You can also display the network mask in hexadecimal format. The hexadecimal format
is commonly used on UNIX systems. An example of this format is 0xFFFFFF00 for a
netmask of 255.255.255.0. The leading 0x indicates that the number is in hexadecimal
format. In this format, two characters are required to define a byte value. For example,
the first byte is FF (all ones in binary or 255 in decimal format).

You can also display the netmask in a bit-count format. This format appends a slash (/)
and the total number of bits in the netmask to the address itself. An example of this
format is 131.108.11.55/24, which indicates that the first 24 bits are used for the
network.

Use the term ip netmask-format command at the EXEC mode prompt to specify the
format of network masks for the current session. The mask format will revert to the
default of bit count when you exit the current session.
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To specify the network mask format for a specific line, enter the ip netmask-format 
command in line configuration mode. 
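
The three netmask formats carry the same 32-bit value, so an address written in one
can be rewritten in either of the others. The following Python sketch is an added
example, not part of the original text and not IOS code; the function names
parse_interface, render, and convert are illustrative, and the output strings simply
follow the sample notations quoted above (131.108.11.55 255.255.255.0, 0xFFFFFF00,
and 131.108.11.55/24).

```python
import ipaddress
import re

# address, then one of: /bitcount, a hexadecimal mask, or a dotted-decimal mask
_PATTERN = re.compile(
    r"\s*(\S+?)(?:/(\d+)|\s+(0[xX][0-9A-Fa-f]{8})|\s+(\d+(?:\.\d+){3}))\s*"
)


def parse_interface(text):
    """Return (address, mask as integer) from any of the three netmask notations."""
    match = _PATTERN.fullmatch(text)
    if not match:
        raise ValueError(f"unrecognized address/netmask: {text!r}")
    address = str(ipaddress.IPv4Address(match.group(1)))

    if match.group(2) is not None:            # bit-count form, e.g. /24
        bits = int(match.group(2))
        if bits > 32:
            raise ValueError(f"bit count {bits} exceeds 32")
        mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    elif match.group(3) is not None:          # hexadecimal form, e.g. 0xFFFFFF00
        mask = int(match.group(3), 16)
    else:                                     # dotted-decimal form
        mask = int(ipaddress.IPv4Address(match.group(4)))

    # Reject masks that are not contiguous ones followed by contiguous zeros.
    inverted = mask ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"netmask in {text!r} is not contiguous")
    return address, mask


def render(address, mask, fmt):
    """Write an address and mask in bitcount, decimal, or hexadecimal notation."""
    if fmt == "bitcount":
        return f"{address}/{bin(mask).count('1')}"
    if fmt == "decimal":
        return f"{address} {ipaddress.IPv4Address(mask)}"
    if fmt == "hexadecimal":
        return f"{address} 0x{mask:08X}"
    raise ValueError(f"unknown netmask format: {fmt}")


def convert(text, fmt):
    return render(*parse_interface(text), fmt)


if __name__ == "__main__":
    for fmt in ("bitcount", "decimal", "hexadecimal"):
        print(fmt, "->", convert("131.108.11.55 255.255.255.0", fmt))
```
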

IP Host Names 

The Cisco IOS software maintains a table of host names and their corresponding
addresses, also called host name-to-address mapping (discussed in more detail in the
section “Name-to-Address Schemes”). Higher-layer protocols such as Telnet use host
names to identify network devices (hosts). The router and other network devices must
be able to associate host names with IP addresses to communicate with other IP devices.

Issue the ip host command from global configuration mode to manually assign host
names to addresses. The complete form of the command is as follows:

ip host name [tcp-port-number] address [address]

where the variable elements of the command have the following meanings:

• name—Any name you prefer to describe the destination.

• tcp-port-number—Optional number that identifies TCP port to use when using
the host name with an EXEC connect or Telnet command. The default is port
23 for Telnet.

• address—IP address or addresses where the device can be reached.

Following are two examples of the ip host command:

ip host P1R1 1.0.0.5 2.0.0.8

ip host P1R2 1.0.0.4

The first example defines a host named P1R1 and two network addresses for reaching
it. The second example defines a host named P1R2 and defines one network address for
reaching it.


Name Server Configuration 

The ip name-server command in global configuration mode defines which hosts can
provide DNS name services. DNS name servers can answer name queries directly or look
up answers on behalf of clients on the network. A maximum of six IP addresses can be
specified as name servers in a single command. The form of the command is as follows:

ip name-server server-address1 [[server-address2] ... server-address6]

To map domain names to IP addresses, you must identify the host names and specify a
name server with this command, where [server-address] is the address of the domain
name server to use.

The Domain Name System (DNS) process is on by default. You can, however, optionally
identify the default domain name with the command

ip domain-name [name of default domain]

Any time the operating system software receives a command or address it does not
recognize, it refers to DNS for the IP address of that device.

Name-to-Address Schemes 

Each unique IP address can have a host name associated with it. The Cisco IOS software 
maintains a cache of host name-to-address mappings for use by EXEC commands. This 
cache speeds the process of converting names to addresses. 

IP defines a naming scheme that allows a device to be identified by its location in IP. A 
name such as ftp.cisco.com identifies the domain of the File Transfer Protocol for Cisco. 
To keep track of domain names, IP identifies a name server that manages the name 
cache. 

The DNS is enabled by default with a server address of 255.255.255.255, which is a
local broadcast. In case the DNS has been turned off, you can re-enable it with the
command ip domain-lookup. The no ip domain-lookup command turns off name-to-address
translation in the router. Doing so means that the router will not forward name system
broadcast packets.

Display Host Names 

The show hosts [host name] command is used to display a cached list of host names and
addresses.

Figure 9-13 shows output from the show hosts command. You can obtain the following
specific information about a host name entry from the output:

• Host—Names of learned hosts 

• Flags—Descriptions of how information was learned and its current status 

• perm—Manually configured in a static host table 

• temp—Acquired from DNS use 


Figure 9-13: Output from the show hosts command.

Router# show hosts
Default domain is not set
Name/address lookup uses static mappings

Host    Flags        Age   Type   Address(es)
P1R1    (perm, OK)   5     IP     144.253.100.200 133.3 132 133.3.5.1
P2R1    (perm, OK)   5     IP     144.253.100.201 153.50.3.2 153.50.56
P2R2    (perm, OK)         IP     128.45.17.4 153.503.200 153.50.34.17
        (perm, OK)         IP     172.26.40.11 153.50 5 7 153.50.34.1
--More--


• OK—Entry is current 

• EX—Entry has aged out; it has expired 

• Age—Time measured in hours since software referred to the entry 

• Type—Protocol field 

• Address(es)—Logical addresses associated with the name of the host 


Verifying Address Configuration 

Addressing problems are the most common problems that occur on IP networks. It is
important to recheck your address configuration before continuing with further
configuration steps. Three commands allow you to verify address configuration in your
internetwork, as shown in Figure 9-14.

These three commands perform the following troubleshooting functions: 

• telnet—Verifies the application-layer software between source and destination
stations. This is the most complete test mechanism available.

• ping—Uses the ICMP protocol to verify the hardware connection and the
logical address of the network layer. This is a very basic testing mechanism.
Both a simple and extended ping command are available.

• trace—Uses Time To Live (TTL) values to generate messages from each router
used along the path. Using the TTL feature allows you to locate failures in the
path from the source to the destination.

Figure 9-14: Use the telnet, ping, and trace commands to verify your configuration.

To verify that a router is properly configured for IP, follow these steps:

1. Try to Telnet to the router. This tests the application layer.

2. If you cannot Telnet, try ping. This lets you test end-to-end at the network
layer. If the ping works, the problem is probably above the network layer.

3. If you cannot ping, try trace. This shows you each step along the path to the
destination router and tells you the last reachable router. With this
information, you can look for a misconfiguration on that router.

Telnet Command 

Telnet is a simple application to see whether you can connect to the router. If you cannot 
Telnet to the router, but you can ping the router, you know the problem lies in the 
upper-layer functionality at the router. At this time, you may want to reboot the router 
and Telnet to it again. 

Simple Ping Command 

The ping command sends ICMP echo packets and is supported in both user and
privileged EXEC mode. When an ICMP echo packet is received by a device, the receiver
simply echoes back the packet to the source. In Figure 9-15, one ping timed out, as
reported by the dot (.), and four were successfully received, as shown by the
exclamation points (!). These are the characters that may be returned by the ping test:

Character   Definition
!           Successful receipt of an echo reply
.           Timed out waiting for datagram reply
U           Destination unreachable error
C           Congestion-experienced packet
I           Ping interrupted (for example, Ctrl-Shift-6 X)
?           Packet type unknown
&           Packet TTL exceeded

Figure 9-15: The ping command tests IP network connectivity.

Router> ping 172.16.101.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.101.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent, round-trip min/avg/max = 6/6/6 ms
Router>


Extended Ping Command 

The extended ping command is supported only from privileged EXEC mode. You can
use the extended command mode of the ping command to specify the supported Internet
header options, as shown in Figure 9-16. To enter the extended mode, enter Y (yes)
at the extended commands prompt.

In Figure 9-16, the DF (Don’t Fragment) bit is set, and then a ping to successive
locations in the network is performed after doing a trace. The administrator in this
case experiences poor performance across the network on this path and, therefore, is
attempting to determine whether the cause is fragmentation.

The DF bit specifies that if the packet encounters a node in its path configured for a
smaller MTU than the packet's MTU, the packet is to be dropped and an error message
sent to the router at the packet's source address. A node configured with a small MTU
can contribute to problems on the network. When the DF bit is set to Yes, the packet is
not fragmented if it encounters a node with an MTU smaller than the packet size.

Router# ping
Protocol [ip]:
Target IP address: 192.168.101.162
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address:
Type of service [0]:
Set DF bit in IP header? [n]: yes
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose [none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.101.162, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/26 ms
Router#


Trace Command 

The trace command, often referred to as traceroute , enables you to see the possible 
end-to-end path, as shown in Figure 9-17. (Recall that using trace allows you to locate 
failures in the path from the source to the destination.) The trace command is supported 
by IP, CLNS, VINES (Banyan), as well as AppleTalk. 


Figure 9-16: Ping supported for several protocols. 


Router#trace aba.nyc.mil 
Type escape sequence to abort. 
Tracing the route to aba.nyc.mil (26.0.0.73) 
1 debris.cisco.com (172.16.1.6) 1000 msec 8 msec 4 msec 
2 barrnet-gw.cisco.com (172.16.16.2) 8 msec 8 msec 8 msec 
3 external-a-gateway.stanford.edu (192.42.110.225) 8 msec 4 msec 4 msec 
4 bb2.su.barrnet.net (131.119.254.6) 8 msec 8 msec 8 msec 
5 su.arc.barrnet.net (131.119.3.8) 12 msec 12 msec 8 msec 
6 moffett-fld-mb.in.mil (192.52.195.1) 216 msec 120 msec 132 msec 
7 aba.nyc.mil (26.0.0.73) 412 msec * 664 msec 


Host names are shown if the addresses are translated dynamically or via static host table 
entries. The times listed represent the time required for each of three probes to return. 

When the trace reaches the target destination, an asterisk (*) is reported at the display. 
The display of one or more asterisks is normally caused by the receipt of a 
port-unreachable packet and the timeout in response to the probe packet. 

Figure 9-17: The trace command shows interface addresses used to reach the 
destination. 

Responses include 

!H   The probe was received by the router, but not forwarded, usually due 
     to an access list. 
P    The protocol was unreachable. 
N    The network was unreachable. 
U    The port was unreachable. 
*    Timeout. 


Summary 

This chapter has focused on IP address classes, components, and commands. You 
learned about configuring IP address classes and bit patterns, as well as the first octet 
rule. This chapter has taken a look at subnetting, covered subnet masks, and provided 
additional reference material (RFCs) that deals with addressing issues. 

Finally, the chapter examined three commands available to verify IP address 
configuration: ping, telnet, and trace. 

Chapter Nine Test 
IP Address Configuration 


Estimated Time: 15 minutes 

Complete all the exercises to test your knowledge of the materials contained in this 
chapter. Answers are listed in Appendix A, "Chapter Test Answer Key." 

Questions 9.1-9.3 

In this exercise, determine the address class and calculate the subnet of a given network 
address. Write the address class and subnet number next to the IP address in the table 
that follows. 


     IP Address     Subnet Mask      Class   Subnet 
9.1  172.16.2.10    255.255.255.0    B       172.16.2.0 
9.2  10.6.24.20     255.255.0.0      A       10.6.0.0 
9.3  10.30.36.12    255.255.255.0    A       10.30.36.0 


Questions 9.4-9.6 

Correctly calculate the address class, subnet number, and the broadcast address for the 
subnet for each of the IP addresses and subnet masks given. Write your answers in the 
table next to each IP address and subnet mask. 

Broadcast 
Routers learn about networks in several ways. This chapter presents static, default, and 
dynamic routing for IP. 

This chapter also discusses how to configure IP routing (including RIP and IGRP), and 
examines routing configuration and transaction information. 


Basic Mechanisms and Commands of IP Routing 

This section introduces the concept of IP routing and the commands required to set up 
routes and routing tables. 


Setting Up the Initial IP Routing Table 


Devices communicate with each other over routes. A route is a path from the sending 
device to the receiving device. Devices on a network learn about routes in a variety of 
ways. Routes can be manually configured by an administrator; devices can send out 
probes to discover how to get to a destination; or devices can receive updates about what 
routes are available. Once a device obtains information about a route, the device stores 
the route information in a routing table for future reference, as shown in Figure 10-1. 

If the destination device is on the same network as the sending device, the sending 
device simply transmits the datagram directly to the destination. When a destination is 
not on the local network, a sending device forwards the datagram to a router. In order to 
forward a datagram, the sending device must first know what routers are connected to 
the local network. 

Figure 10-1: Routers maintain an address-to-port association table. 

When a router comes up, it knows only about the networks that are directly connected 
to its interfaces. 

The first entries in the routing table are about networks or subnets to which the router 
is directly connected. Each router connection to a network is configured with an IP 
address and mask on a router interface. The IOS software learns about this IP address 
and mask information from configuration information input from some source, such as 
a network administrator. 

Concept: A route is a path from the sending device to the receiving device. 

Routers learn about nonlocal routers and the shortest path to destination devices 
through a variety of methods, discussed next. 
Understanding How IP Routing Learns Destinations 

Routers learn paths to destinations in three ways: 

• Static routes —Manually defined by the system administrator as the only path 
to the destination; useful for controlling security and reducing traffic. 

• Default routes —Manually defined by the system administrator as the path to 
take when no route to the destination is known. 

• Dynamically learned routes —Router learns of paths to destinations by 
receiving periodic updates from other routers. 

IP routing is automatically enabled in the Cisco IOS software. To disable IP routing, 
enter the following command in global configuration mode: 

Router(config)#no ip routing 

When IP routing is disabled, the router will act as an IP end host for IP packets destined 
for or sourced by the router. To re-enable IP routing, issue the following command in 
global configuration mode: 

Router(config)#ip routing 

Note that this book primarily focuses on dynamic routing. Refer to the Cisco Press title 
Advanced Cisco Router Configuration for more information on static and default 
routes. 

Specifying Administrative Distance Values 

An administrative distance is a rating of the trustworthiness of a routing information 
source, such as an individual router or a group of routers. An administrative distance is 
an integer from 0 to 255. In general, the higher the value, the lower the trust rating. An 
administrative distance of 255 means the routing information source cannot be trusted 
at all and should be ignored. 

Specifying administrative distance values enables the Cisco IOS software to 
discriminate between sources of routing information, as shown in Figure 10-2. To get to 
the destination network, Router A will choose to send the packet to Router B because 
Router B has a lower administrative distance than Router C. 

Figure 10-2 

Configuring Static Routes 

Static routes are user-defined routes that cause packets moving between a source and a 
destination to take a specified path. Static routes are important when the Cisco IOS 
software cannot build a route to a particular destination. Routers can forward packets 
only to known routes, and if the router cannot learn of a route dynamically, the static 
entry can be used to enable the router to route the incoming packet. Static routes are 
also useful for specifying a gateway of last resort to which all unroutable packets will be 
sent. This gateway (which is actually a router) is used as a last attempt to find some 
device to handle the packet. 

Dynamic routing is typically preferred because static routing can be unwieldy in a large, 
complex, or volatile network because the administrator would have to make many 
manual changes. In small, simple, stable networks, however, static routing affords 
precision and control over the network without too much work. 

To configure a static route, enter the ip route command in global configuration mode. 
A static route allows manual configuration of the routing table. No dynamic changes to 
this table entry will occur as long as the path is active. The complete parameters for the 
ip route command are as follows: 

ip route network [mask] {address | interface} [distance] [permanent] 

where the parameters have the following meanings: 

• network —Destination network or subnet 

• mask —Subnet mask 

• address —IP address of next-hop router 

• interface —Name of interface to use to get to destination network 

• distance —The administrative distance 

• permanent —(Optional) Specifies that the route will not be removed, even if the 
interface shuts down 

If the mask is omitted in the ip route command, the router assumes it can use the default 
mask. Figure 10-3 provides a static route example based on the following ip route 
command: 

Router(config)#ip route 172.16.1.0 255.255.255.0 172.16.2.1 

In the figure, the ip route command identifies the static route command; 172.16.1.0 
specifies a static route to the destination subnetwork; 255.255.255.0 indicates the 
subnet mask (eight bits of subnetting are in effect); and 172.16.2.1 is the IP address of 
next-hop router in the path to the destination. 

Figure 10-3: Router A is configured with a static route to 172.16.1.0. 

The assignment of a static route to reach the stub network 172.16.1.0 is proper for the 
Cisco A router because there is only one way to reach that network. A stub network has 
only one connection to another network. If the network connects to more than one 
network and allows traffic to cross it to get from one network to another, that network 
is called a transit network. 

The assignment of a static route from router B to the cloud networks is also possible. 
However, a static route assignment is required for each destination network, so a 
default route may be more appropriate. 


Concept: You can have more than one routing protocol operational in the same router 
at the same time. Each route is distinguished by administrative distance. The lower this 
number, the better the route is considered to be. It is basically a measure of how good 
the router considers the metric of that protocol to be. For a static route, the 
administrative distance can be very low (for example, 0 or 1). The default administrative 
distance for RIP is 120 and for IGRP is 100. 

Because static routes have a low default administrative distance, they are always chosen 
over dynamic routes. You can change this effect by overwriting the administrative 
distance, essentially creating a static backup route that is effective only when the prot 

Chapter 10 • IP Routing Configuration 


Configuring Default Routers 

A router might not know the routes to all other networks. To provide complete routing 
capability, the common practice is to use some routers as default routers and give the 
remaining routers default routes to those routers. 

To establish a default router, issue the following command in global configuration 
mode: 

Router(config)#ip default-network network-number 

where network-number is equal to the IP network number or subnet number defined as 
the default. 

When an entry for the destination network does not exist in the routing table, the 
packet is sent to the default network, so the default network must exist in the routing 
table. One benefit of default routes is that they reduce the length of routing tables. 

Use the default network number when you need a route but have only partial 
information about the destination network. Because the router does not have complete 
knowledge about all destination networks, it can use a default network number to 
indicate the direction to take for unknown network numbers. 

In addition to the normal IP network addresses, IP Routing Information Protocol (RIP) 
uses 0.0.0.0 as the default route. 

In the example shown in Figure 10-4, the ip default-network 192.168.17.0 global 
command defines the Class B network 192.168.17.0 as the destination path for packets 
that have no routing table entry. 

To prevent unwanted updates from entering from the public network, company X could 
install a firewall in router A. To group those networks that will share company X's 
routing strategy, router A could implement an autonomous system number. 


Grouping into Autonomous Systems 

In Figure 10-4, you saw how company X used a default router to connect to a public 
network. It was mentioned that you could group routers into autonomous systems. An 
autonomous system is a set of routers and networks under the same administration. An 
autonomous system may consist of one router directly connected to one LAN to the 
Internet, or an autonomous system may be a corporate network linking several local 
networks through a corporate backbone. The autonomous system presents a consistent 
view of routing to the external world. For a router to belong to an autonomous system, 
all routers in that system must be: 

• Interconnected 

• Running the same routing protocol 

• Assigned the same autonomous system number 

Figure 10-4: The default-network command indicates where packets are sent when the 
router doesn't know how to get to the destination. (Figure labels: Company X, Public 
Network, Cisco A Routing Table.) 

Exterior routing protocols are used to exchange routing information between networks 
that do not share a common administration. IP exterior gateway protocols require the 
following sets of information before routing can begin: 

As shown in Figure 10-5, the supported exterior gateway protocols are: 

• Border Gateway Protocol (BGP) 

• Exterior Gateway Protocol (EGP) 

Figure 10-5: An internetwork can use both interior and exterior routing protocols. 
(Figure labels: Autonomous System 100, Autonomous System 200; Exterior Gateway 
Protocols: BGP, EGP; Interior Gateway Protocols: RIP, IGRP.) 

An exterior routing protocol must isolate autonomous systems. Basically, another 
autonomous system is managed by some other staff. Because you have no control over 
how that network is configured, you need to protect the network against errors that 
will arise from misconfiguration. BGP and EGP are covered in more detail in the Cisco 
Press title Advanced Cisco Router Configuration. 


Using Interior or Exterior Routing Protocols 

The design criteria for an interior routing protocol require it to find the best path 
through the network. In other words, the metric and how that metric is used is the 
most important element in an interior routing protocol. 

Configuration shown in Figure 10-4: 

router rip 
network 172.16.0.0 
network 192.168.17.0 

ip default-network 192.168.17.0 
Interior IP Routing Protocols 

At the Internet layer of the TCP/IP suite of protocols, as shown in Figure 10-6, a router 
can use the IP routing protocol to accomplish routing through the implementation of a 
specific routing algorithm. 

Figure 10-6: Routers use the IP protocol to perform routing. (Figure labels: 
Application, Transport, Network Interface, Hardware.) 

Interior routing protocols are used for routing networks that are under a common 
network administration. All IP interior gateway protocols must be specified with a list 
of associated networks before routing activities can begin. A routing process listens to 
updates from other routers on these networks and broadcasts its own routing 
information on those same networks. Cisco IOS software supports the following 
interior routing protocols: 

• Routing Information Protocol (RIP) 

• Internet Gateway Routing Protocol (IGRP) 

• Enhanced Internet Gateway Routing Protocol (Enhanced IGRP) 

• Open Shortest Path First (OSPF) 

• Intermediate System-to-Intermediate System (IS-IS) 

The following pages focus on how to configure the first two of these protocols: RIP and 
IGRP. 


Completing the IP Routing Configuration Tasks 

The selection of IP as a routing protocol involves the setting of both global and interface 
parameters. Global tasks include: 

• Select a routing protocol: RIP or IGRP (see Figure 10-7). 

• Assign IP network numbers without specifying subnet values. 

The interface task is to assign interface-specific addresses and the appropriate subnet 
mask. 

Dynamic routing uses broadcasts and multicasts to communicate with other routers. 
The routing metric helps routers find the best path to each network or subnet. 

Figure 10-7: A router can use more than one routing protocol if desired. (Figure labels: 
Network 172.16.0.0, Network 160.89.0.0, Network 172.30.0.0, IGRP.) 


Configuring Dynamic Routing 

Two primary commands are used to configure dynamic routing: router and network. 
The router command starts a routing process; its form is as follows: 

Router(config)#router protocol [keyword] 

In Figure 10-8, a packet from host 1 to host 2 would cross the 19.2 kbps link because 
it uses the lowest hop count. 

Figure 10-8: The hop count metric selects the path. 

Unfortunately, in this example, the route selected is not the best route available. RIP 
was developed in a homogeneous network and was widely unavailable. If everything is 
connected via a single media type, bandwidth-based metrics reduce to hop count. But 
if there are different media types, RIP's hop count metric may not consistently identify 
the best path, as in this example. 


Configuring RIP Router Commands 

The two primary commands used to configure an RIP router are as follows: 

Router(config)#router rip 
Router(config-router)#network network-number 

The router rip command selects RIP as the routing protocol. The network command 
assigns an IP address for the network to which the router is directly connected. The 
routing process will associate interfaces with the proper addresses and will begin packet 
processing on the specified networks. 

The network statement contains no subnetting information. Networks are directly 
connected and are specified as a Class A, B, or C network number. Because of the ip 
address command with addresses and subnet masks, the routing protocol is able to 
determine 
Viewing IP RIP Information 

There are three primary commands used to view RIP information: 

• show ip protocol 

• show ip route 

• debug ip rip 

The show ip protocol command displays values about routing timers and network 
information associated with the entire router, as shown in Figure 10-10. Use this 
information to identify a router that is suspected of delivering bad routing information. 

The router in Figure 10-10 sends updated routing table information every 30 seconds. 
(This interval is configurable.) It has been 17 seconds since it sent its last update, so the 
next one will be sent in 13 seconds. The router is also injecting routes for the networks 
listed following the Routing for Networks line. 


• router rip —Selects RIP as the routing protocol 

• network 1.0.0.0 —Specifies a directly connected network 

• network 2.0.0.0 —Specifies a directly connected network 

The router interfaces connected to networks 1.0.0.0 and 2.0.0.0 will send and receive 
RIP updates. These routing updates allow the router to learn the network topology. 

The network command gives the routing protocol permission to advertise the subnets 
connected to the router's neighbor. Without a network command, nothing is 
advertised. With a network command, the router will advertise every subnet within the 
Class A, B, or C network specified in the configuration. 

Router> show ip protocol 
Routing Protocol is "rip" 
  Invalid after 180 seconds, hold down 180, flushed after 240 
  Outgoing update filter list for all interfaces is not set 
  Incoming update filter list for all interfaces is not set 
  Redistributing: rip 
  Routing Information Sources: 
    Gateway          Distance    Last Update 
    183.8.128.12     120         0:00:14 
    183.8.64.130     120         0:00:19 
    183.8.128.130    120         0:00:03 

Figure 10-10: Use show ip protocol command to observe RIP's behavior. 

The show ip route command displays the contents of the IP routing table, as shown in 
Figure 10-11. 
Figure 10-11: Use the show ip route command to display the local routing table. 

Router> show ip route 
I - IGRP, R - RIP, M - Mobile, B - BGP 
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default 

Gateway of last resort is not set 

144.253.0.0 is subnetted (mask is 255.255.255.0) 
144.253.100.0 is directly connected, Ethernet1 
183.8.128.120 is directly connected, Serial0 

The routing table contains entries for all known networks and subnetworks and 
contains a code that indicates how that information was learned. The values are defined 
as follows: 

• C indicates a network that was connected with 

• R indicates an entry learned through RIP. 

• Via refers to the router that informed you about this route. 

• 00:00:09 timer value means that RIP updates are every 30 seconds. 

• The administrative distance is 120. 

• The hop count to 153.50.0.0 is 1. 

Router> debug ip rip 
RIP protocol debugging is on 
Router# 
RIP: received update from 172.8.128.130 on Serial0 
     172.8.0.128 in 1 hops 
     172.8.64.128 in 16 hops (inaccessible) 
RIP: received update from 172.8.64.130 on Serial1 
     172.8.0.128 in 1 hops 
     172.8.128.128 in 1 hops 
RIP: received update from 172.8.128.130 on Serial0 
     172.8.0.128 in 1 hops 
     172.8.64.128 in 1 hops 
RIP: sending update to 255.255.255.255 
     subnet 172.8.0.128, metric 2 
     subnet 172.8.64.128, metric 6 
     subnet 172.8.128.128, metric 1 
     network 10.253.0.0, metric 1 
RIP: sending update to 255.255.255.255 via Ethernet1 (10.253.100.202) 
     network 10.50.0.0, metric 2 
     network 172.8.0.0, metric 1 

Figure: Use the debug ip rip command to troubleshoot RIP communications. 

The debug ip rip command displays RIP routing updates as they are sent and received. 
A network is reported as inaccessible when its hop count is greater than 15. Updates 
were then broadcast through 172.8.128.2. The no debug ip rip command turns off this 
display. 


Configuring IGRP 

Internet Gateway Routing Protocol (IGRP) is an advanced distance vector routing 
protocol developed by Cisco in the mid-1980s. IGRP has several features that 
differentiate it from other distance vector routing protocols, such as RIP. These IGRP 
features are as follows: 

• Scalability —Some of the largest internetworks are based on IGRP. 

• Fast response to network changes —Unlike other distance vector routing 
protocols, IGRP sends updates when route topology changes occur. 

• Sophisticated metric —IGRP uses a composite metric that provides significant 
route selection flexibility. Internetwork delay, bandwidth, reliability, and load 
are all factored into the routing decision. IGRP can be used to overcome RIP's 
15-hop limit. 

• Multiple paths —IGRP can maintain up to four nonequal paths between a 
network source and destination. Multiple paths can be used to increase 
available bandwidth or for route redundancy. 

Use IGRP in IP networks that require a simple, robust, and scalable routing protocol. 
It is also useful when trying to avoid the router processing overhead of link-state 
routing protocols. You can redistribute IGRP to IP RIP, OSPF, and Enhanced IGRP. 
Note, however, that IGRP does not support variable-length subnet masking. 
Variable-length subnet masking (VLSM) allows you to use some of the host address bits 
to define subnets. Addressing is covered in greater detail in Chapter 9, "IP Address 
Configuration." See also RFC 1219 for detailed information about VLSMs and how to 
correctly assign addresses. 

Understanding IGRP Operation 

IGRP is a distance vector routing protocol. Routers using IGRP broadcast periodic 
routing table updates to neighbor routers at 90-second intervals. IGRP provides a 
number of features designed to enhance its performance and stability and at the same 
time reduce the possibility of routing loops. As shown in Figure 10-13, these features 
include: 

• Flash updates 

• Poison reverse 

• Holddowns 

• Split horizon 

Flash Updates 

In addition to its periodic routing updates, IGRP uses flash updates to speed up 
convergence of the routing algorithm. A flash update is sent when a network topology 
change is noticed. 

Poison Reverse 

Increases in routing metrics generally indicate routing loops. As discussed in Chapter 4, 
poison reverse updates are sent to remove a route and to place it in holddown. IGRP 
poison reverse updates are sent if a route metric has increased by a factor of 1.1 or 
greater. 


Holddowns 

IGRP has a holddown timer that prevents temporary routing loops while convergence 
takes place. A newly learned route is used until the holddown time expires. By default, 
the holddown timer is three times the update interval (90 seconds) plus 10 seconds, or 
280 seconds. Holddown timers can be disabled to improve convergence time; however, 
removing holddown timers increases the possibility of routing loops. Use the no metric 
holddown command to disable holddowns. As a result, after a route has been removed, 
a new one will be accepted immediately. 

Split Horizon 

Recall from Chapter 4 that split horizons derive from the fact that it is not useful to 
send information about a route back in the direction from which it came. In Figure 
10-13, for example, router B does not send route information back to router A 
regarding network 10. 

Figure 10-13: Flash updates are sent when a change in the network topology 
(Figure panels: Holddown Timer; Flash Update; Poison Reverse; Split Horizon: Router 
B will not advertise to Router A that it can reach network 10.3.0.0.) 

Periodically, each router broadcasts its entire routing table (with some censoring 
because of the split horizon rule) to all adjacent routers. When a router gets this 
broadcast from another gateway, it compares the table with its existing table. Any new 
destinations and paths are added to the routing table. Paths in the broadcast are 
compared with existing paths. If a new path is better, it may replace the existing one. 

In addition to the periodic updates every 90 seconds, IGRP declares a route inaccessible 
if it does not receive an update from the first router in the route within three update 
periods (270 seconds). After seven update periods (630 seconds), the route is removed 
from the routing table. 


Using the IGRP Composite Metric 

IGRP uses a composite metric to identify preferred routes. The IGRP composite metric 
is a 24-bit quantity that is a sum of the segment delays and the lowest segment 
bandwidth for a given route. This combination metric provides greater accuracy when 
choosing a path to a destination. In Figure 10-14, the token ring and FDDI path is 
preferable to the dual 19.2 kbps link. Unlike RIP's hop count, IGRP's metric supports 
the selection of the best path. 

The IGRP metric includes the following components: 

• Bandwidth —Lowest segment bandwidth along the path 

• Delay —Cumulative interface delay along the path (expressed in microseconds) 

• Reliability —Worst reliability between source and destination, based on keepalives 
(expressed as an integer from 0 to 255) 

• Loading —Worst load on a link between source and destination (based on bits 
per second) 

• MTU —Smallest MTU value in path (expressed in bytes) 

The path that has the smallest metric value is the best route. By default, only 
bandwidth and delay are used by the IGRP metric, but you can configure it to consider 
reliability, loading, and MTU also. In Figure 10-14, for example, you can figure that 
router A will send data along Path A, instead of the slower serial links. Path A includes 
a 16 Mbps token ring link, an FDDI link, and some 10 Mbps Ethernet links. 

Adjusting IGRP metric values can dramatically affect network performance. Make all 
metric adjustment decisions carefully. 

Figure 10-14: IGRP will select Path A because the metric to cross that path is lower 
than the metric to cross Path B. 


Unequal-Cost Load Balancing Feature 

The IGRP composite routing metric supports multiple paths between source and 
destination. This feature is known as unequal-cost load balancing. Unequal-cost load 
balancing allows traffic to be distributed among up to four unequal-cost paths to 
provide greater overall throughput and reliability. 

The following general rules apply to IGRP unequal-cost load balancing: 

• IGRP will accept up to six (four is the default) paths for a given destination 
network. 

• The next-hop router in any of the paths must be closer to the destination than 
to the local router. 

• The alternative path metric must be within the specified variance of the best 
local metric. 

For example, the alternative route may only be a specified factor worse, as 
measured by the IGRP metric, than the best local route. This variance can be 
configured. 
If these conditions are met, the route is considered feasible and can be added to the 
routing table. In Figure 10-15, for example, a second unequal-cost route has been added 
to the initial route between the source and the destination. 

Figure 10-15: IGRP can support load balancing between unequal cost paths. (Figure 
labels: New Route, Destination.) 
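The composite metric and the unequal-cost rules above, worked through as an added example that is not from the book. It uses bandwidth and delay only, with the usual IGRP scaling (10,000,000 divided by the lowest bandwidth in kbps, plus the summed delay in tens of microseconds); the per-link delay values and Paths C and D are constructed for the illustration, while Paths A and B follow the description of Figure 10-14.

```python
from dataclasses import dataclass

MAX_METRIC = 2**24 - 1  # the composite metric is a 24-bit quantity


@dataclass(frozen=True)
class Link:
    name: str
    bandwidth_kbps: float
    delay_usec: int


def igrp_metric(links):
    """Bandwidth + delay metric: lowest segment bandwidth, summed delays."""
    if not links:
        return 0  # the destination is directly attached to this router
    bandwidth_term = int(10_000_000 / min(l.bandwidth_kbps for l in links))
    delay_term = sum(l.delay_usec for l in links) // 10
    return min(bandwidth_term + delay_term, MAX_METRIC)


@dataclass(frozen=True)
class Path:
    name: str
    links: tuple  # every link from the local router to the destination

    @property
    def local_metric(self):
        return igrp_metric(self.links)

    @property
    def neighbor_metric(self):
        # Metric as seen from the next-hop router (first link excluded).
        return igrp_metric(self.links[1:])


def feasible_paths(paths, variance=1, max_paths=4):
    """Names of the paths that may be installed, best first."""
    ranked = sorted(paths, key=lambda p: p.local_metric)
    best = ranked[0].local_metric
    chosen = []
    for p in ranked:
        closer = p.neighbor_metric < best           # next hop nearer than we are
        within = p.local_metric <= variance * best  # not too much worse than best
        if closer and within:
            chosen.append(p.name)
    return chosen[:max_paths]


def fewest_hops(paths):
    """What a pure hop count metric (RIP) would pick."""
    return min(paths, key=lambda p: len(p.links)).name


# Constructed link values (delays are assumptions for the illustration).
TOKEN_RING = Link("16 Mbps token ring", 16_000, 630)
FDDI = Link("FDDI", 100_000, 100)
ETHERNET = Link("10 Mbps Ethernet", 10_000, 1_000)
SERIAL_19K = Link("19.2 kbps serial", 19.2, 20_000)
SERIAL_T1 = Link("T1 serial", 1_544, 20_000)

PATH_A = Path("A", (TOKEN_RING, FDDI, ETHERNET))    # Figure 10-14, Path A
PATH_B = Path("B", (SERIAL_19K, SERIAL_19K))        # Figure 10-14, Path B
PATH_C = Path("C", (SERIAL_T1, FDDI, ETHERNET))     # slow first link only
PATH_D = Path("D", (ETHERNET, SERIAL_T1, ETHERNET)) # slow link behind next hop
ALL_PATHS = [PATH_A, PATH_B, PATH_C, PATH_D]

if __name__ == "__main__":
    for p in ALL_PATHS:
        print(p.name, p.local_metric, "via neighbor:", p.neighbor_metric)
    print("hop count picks:", fewest_hops([PATH_A, PATH_B]))
    print("variance 1:", feasible_paths(ALL_PATHS, variance=1))
    print("variance 8:", feasible_paths(ALL_PATHS, variance=8))
```

Path D falls inside a variance of 8 but is still rejected, because its next-hop router is farther from the destination than the local router's best path; that second rule is what keeps a generous variance from installing a path that loops back.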
You can use the default-metric command to change the default metric. 

Creating an IGRP Routing Process 

Use the router igrp and network commands to create an IGRP routing process: 

Router(config)#router igrp autonomous-system-number 

Router(config-router)#network network-number 

For example, in Figure 10-16, the following configuration has been set up: 

router igrp 109       Enables the IGRP routing process for autonomous system 109 

network 10.0.0.0      Associates network 10.0.0.0 with the IGRP routing process 

network 172.31.0.0    Associates network 172.31.0.0 with the IGRP routing process 

IGRP sends updates out to interfaces in networks 10.0.0.0 and 172.31.0.0 and includes 
information about networks 10.0.0.0 and 172.31.0.0. 
Figure 10-16 (figure labels: AS 109, 10.0.0.0, 172.31.0.0), with the configuration: 

router igrp 109 
network 10.0.0.0 
network 172.31.0.0 

Even though each IGRP routing process can provide routing information to only one 
autonomous system, the Cisco IOS software must run a separate IGRP process and 
maintain a separate routing database for each autonomous system it services. 

You may want to establish different autonomous systems when your company is 
merging with another company, when connecting to a service provider, or when you 
want to isolate certain departments of the company. 

To configure two IGRP routing processes, use the router igrp and network commands 
to define each IGRP process. For example, in Figure 10-17, network 10.0.0.0 is in 
autonomous system 71, and network 172.68.7.0 is in autonomous network 109. 
Displaying IGRP Routing Information 

Use the following commands to display IGRP routing configuration and table update 
information: 

• show ip protocols 

• show ip interfaces 

• show ip route 

• debug ip igrp transaction 

• debug ip igrp events 

The following examines each of these commands and views their results. 

The show ip protocols command displays parameters, filters, and network information 
about the entire router, as shown in Figure 10-18. You can see in Figure 10-18 that the 
router is injecting routes for 183.8.0.0 and 144.253.0.0. 

Router> show ip protocols 
  Sending updates every 90 seconds, next due in 55 seconds 
  Invalid after 270 seconds, hold down 280, flushed after 630 
  Outgoing update filter list for all interfaces is not set 
  Incoming update filter list for all interfaces is not set 
  Default networks flagged in outgoing updates 
  Default networks accepted from incoming updates 
  IGRP metric weight K1=1, K2=0, K3=0, K4=0, K5=0 
  IGRP maximum hopcount 100 
  IGRP maximum metric variance 1 
  Redistributing: igrp 300 
  Routing for Networks: 
    183.8.0.0 
    144.253.0.0 
  Routing Information Sources: 
    Gateway          Distance    Last Update 
    144.253.100.1    100         0:00:52 
    183.8.128.12     100         0:00:43 
    183.8.64.130     100         0:01:02 
  Distance: (default is 100) 
 --More-- 

Figure 10-18: The show ip protocols command indicates that IGRP is active. 
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The show ip interfaces command displays the status and global parameters associated 
with an interface, as shown in Figure 10-19. 


Router> show ip interfaces 
Ethernet0 is up, line protocol is up 
Internet address is 183.8.128.2 subnet mask is 255.255.255.128 
Broadcast address is 255.255.255.255 
Address determined by non-volatile memory 
MTU is 1500 bytes 
Helper address is not set 
Directed broadcast forwarding is enabled 
Outgoing access list is not set 
Inbound access list is not set 
Proxy ARP is enabled 
Security level is default 
Split horizon is enabled 
ICMP redirects are always sent 
ICMP unreachables are always sent 
ICMP mask replies are never sent 
IP fast switching is enabled 
IP fast switching on the same interface is disabled 
IP SSE switching is disabled 
Router Discovery is disabled 
IP output packet accounting is disabled 


The Cisco IOS software automatically enters a directly connected route in the routing 
table if the interface is one through which software can send and receive packets. Such 
an interface is marked “up.” If the interface is unusable, it is removed from the routing 
table. Removing the entry allows implementation of backup routes, if they exist. 

The show ip route command displays the contents of an IP routing table. The table 
contains a list of all known networks and subnets and the metrics associated with each 
entry. 

Note in Figure 10-20 that the information was derived from IGRP or from direct connections. 

You can use two commands to display routing table updates: 

Router#debug ip igrp transaction [ip-address] 

Router#debug ip igrp events [ip-address] 

The debug ip igrp transaction command displays transaction information on IGRP 
routing transactions. If the IP address of an IGRP neighbor is specified, the resulting 
output includes messages describing updates from that neighbor and updates that the 
router broadcasts toward that neighbor. 


Figure 10-19 The show ip interfaces command indicates that the line is up. 

Figure 10-20 The show ip route command is used to read the routing table. 

Router> show ip route 

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default 

Gateway of last resort is not set 


83 8.0.0 is subnetted (mask is 255 ?55 95 s ioq, , c H . 

C 83 8 64?2fl a VCOnneC ' ed E,hernel ° 
r 28 IS dl,ec,| y conn ected. Serial! 

I 7?ffinn'r?n ISd,reCllyCOmeC,ed Ser,al ° 

I ,92 3 63 0 om! ^ 2M 100 ’ 00 00 55 Ethernet, 
3.63.0 (toor, 300) via ,44 253 too 200 00 00 58 Ethernet, 


Use the no debug ip igrp transaction command to disable the debugging output. When 
there are many networks in your routing table, displaying every update for every route 
can flood the console and make the router unusable. In this case, the debug ip igrp 
events command is used to display a summary of the IGRP routing information. This 
command indicates the source and destination of each update and the number of 
routes in each update. Messages are not generated for each route. 

If the IP address of an IGRP neighbor is specified when issuing the debug ip igrp events 
command, the resulting output includes messages describing updates from that neighbor 
and updates that the router broadcasts toward that neighbor. 

Use the no debug ip igrp events command to disable the debugging output. 

Summary 

In this chapter, you've learned that routers can be configured to use one or more IP routing 
protocols. (This chapter focused on RIP and IGRP.) You've also examined the commands 
used to enable and configure these protocols on your router, including the 
commands required to view and debug your routing configuration. Although TCP/IP is 
the more popular internetworking protocol, it is not the only protocol used in 
large networks. Novell’s IPX is widely used, as well. Chapter 11, “Configuring 
Novell IPX,” defines how to configure a router to support Novell’s IPX protocol. 




Chapter Ten Test 
IP Routing Configuration 


Estimated Time: 15 minutes 

Complete all the exercises to test your knowledge of the materials contained in this 
chapter. Answers are listed in Appendix A, “Chapter Test Answer Key.” 


Question 10.1 

T F To verify that IP routing is enabled, you can enter the show protocols 
command. 

Question 10.2 

T F You issue the router rip command to enable the RIP routing protocol. 

Question 10.3 

T F You issue the network network-number subnet mask command to associate a 
network with a routing process. 

Question 10.4 

T F You issue the show ip protocol command to verify that the RIP routing protocol 
is enabled. 

Question 10.5 

T F You issue the show ip rip route command to display the current status of the 
RIP routing table. 

Question 10.6 

In the RIP routing table display, how can you determine which networks are learned 
by the RIP routing protocol? 

Question 10.7 

What command displays the RIP routing updates sent from and received by 
your router? 

Question 10.8 

What command disables the display of the RIP routing updates sent from and received 
by your router? 

Question 10.9 

What command do you issue to enable the IGRP routing protocol? 

Question 10.10 

Question 10.11 

What command do you issue to verify that the IGRP routing protocol is 

Question 10.12 

What command do you issue to display the current state of the IGRP routing table 

Question 10.13 

What command displays the IGRP routing updates events sent from the router 

Question 10.14 

What type 
routing metric 
metric 
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Configuring Novell IPX 


This chapter presents an intro 
ates using Cisco IOS software 
IPX parameters, how R11SA 


IPX Routing Overview 


Cisco Routers in NetWare Networks 


In today's networking environment, no one manufacturer can provide all the hardware 
and software required to support the computing needs of a business. As a result, most 
networks include a variety of vendor products, each one chosen for the powerful 
features it provides. For that reason, Cisco routers are often found in NetWare networks 
even though Novell offers routing products. 

Cisco’s routers offer the following features in Novell network environments: 

• Support for a wide range of interfaces, including native 

• Access lists and filters for IPX, RIP, SAP, and NetBIOS. 

• Scalable routing protocols, including Enhanced IGRP and NLSP. Cisco uses 
generic routing encapsulation (GRE) to allow IPX datagram transmission 
across IP networks. 

• Configurable RIP and SAP updates and packet sizes. 

• Serverless LAN support. 

• Dial-on-demand routing and spoofing for IPX and SPX. Traffic is routed across 
lines only when necessary, limiting the amount of time each line is used. 

• Rich diagnostics, management, and troubleshooting features. The ping IPX 
command and many show commands provide complete information about IPX 
performance. 

[Figure 11-1 labels: Application, NetWare Shell, Presentation, NetBIOS, Transport, NLSP, 
Network, IEEE 802.3, Fast Ethernet, ISDN, Physical] 

Novell NetWare Protocol Suite 

Novell IPX is a proprietary suite of protocols derived from the Xerox Network Systems 
(XNS) protocol suite. IPX is a datagram, connectionless protocol that does not require 
an acknowledgment for each packet. It is a Layer 3 protocol that defines the 
internetwork (network and node) addresses. In the NetWare environment, a user's workstation 
is most often referred to as a node. 

Novell NetWare uses the following: 

• IPX Routing Information Protocol (RIP) to facilitate the exchange of routing 
information 

• Proprietary Service Advertisement Protocol (SAP) to advertise network services 

• NetWare Core Protocol (NCP) to provide client-to-server connections and 
applications 

• Sequenced Packet Exchange (SPX) service for Layer 4 connection-oriented 
services 

As an alternative to RIP and SAP, Novell has a link-state routing protocol called 
NetWare Link Services Protocol (NLSP). Because it is a link-state routing protocol, NLSP 
offers more reliable and effective routing processes than IPX RIP. Novell also has a 
directory service called Novell Directory Service (NDS). 

The NetWare protocol stack supports all common media access protocols, as shown in 
Figure 11-1. The data link and physical layers are accessed through the Open 
Data-Link (ODI) Interface. 

Figure 11-1 Protocols used in the network through application layers were developed by 
Novell. 

Layers 3 through 7 are unique to Novell. 

• Layer 3 encompasses IPX, a datagram service. 

• The Service Advertising Protocol (SAP) provides services for part of Layer 3 
and all services from Layers 4 through 7. 

• Layer 4 is characterized by SPX, which provides a reliable connection-oriented 
service. NCP and the NetWare shell also provide Layer 4 services. 

NetBIOS (Network Basic Input/Output System) emulation performs tasks applicable to 
the ISO/OSI model transport and session layers. Novell NetWare defines a special IPX 
packet called Type 20 (flooded packets) for NetBIOS applications. 


Key Novell NetWare Features 

As shown in Figure 11-2, a Novell IPX address has 80 bits: 32 bits for the network 
number and 48 bits for the node number. The node number contains the MAC address 
of an interface. 

Novell IPX supports multiple logical networks on an individual interface; each network 
requires a single encapsulation type. 

Novell RIP is the default routing protocol on older NetWare products; NLSP is the 
default routing protocol on NetWare 4.11 and higher. 

[Figure 11-2 labels: Network (4 bytes, up to 32 bits), Node (6 bytes, 48 bits, from MAC); 
interfaces E0, S0, E1; Network 4a1d: 4a1d.0000.0c56.de33; Network 2c: 2c.0000.0c56.de33; 
Network 3f: 3f.0000.0c56.de34] 
Figure 11-2 Each IPX interface has a unique 10-byte address. 

NetWare clients automatically discover available network services because Novell 
servers and routers announce the services using SAP broadcasts. The filtering of service 
advertisements is a critical issue in Novell networks. SAP traffic can become excessive 
and can severely impact bandwidth available for user data traffic. 

One type of SAP advertisement is Get Nearest Server (GNS), which enables a client to 
locate the nearest server for login. These features are discussed in detail later in this 
chapter. 
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Novell IPX Addressing 

Novell IPX addressing uses a two-part address: the network number and the node number. 

• The IPX network number can be up to 4 bytes (8 hexadecimal digits) in length. 
Usually, only the significant digits are listed. This number is assigned by the 
network administrator. Figure 11-2 features the IPX network 4a1d. Other IPX 
networks shown are 2c and 3f. 

• The IPX node number is 6 bytes (12 hexadecimal digits) in length. This number 
is usually the MAC address obtained from a network interface card. Figure 
11-2 features the IPX node 0000.0c56.de33. Another node address is 
0000.0c56.de34. 

Notice in Figure 11-2 that the same node number appears for both E0 and S0. Serial 
interfaces do not have MAC addresses, so the router created this node number for S0 
by using the MAC address from E0. 

Each interface retains its own address. The use of the MAC address in the logical IPX 
address eliminates the need for an Address Resolution Protocol (ARP). 

How to Determine the IPX Address 

You must use a valid IPX network address when you configure the Cisco router. Because 
Novell NetWare networks are likely to be established already with IPX addresses, you 
can determine the existing IPX address from these already established networks. The 
IPX network address refers to the logical wire; all routers on the same wire must share 
the same IPX network address. 

The first and recommended way to find out what address to use is to ask the NetWare 
administrator. Make sure that the NetWare administrator specifies the IPX network 
address for the same network where you want to enable IPX on your Cisco router. The 
Cisco router must use the same network as the NetWare file server (or other source of 
the address) specified by the NetWare administrator for that cabling system. 







inistrator, you can 
appropriate of the 


Framing Structure 


Novell Name 


Ethernet 802.3 | 802.3 

(default for Netware 3.11 or earlier) 


ir the neighbor router is another Cis 
command to show cdp neighbors detail 

'ton can Telnet to the neighbor router, 
display the running configuration on tin 

It the neighbor router is not a Cisco row 
router or a NetWare Hie server), you mi, 
the NetWare conh'u urilirv rn . 


Cisco (OS « 


Ethernet _802 2 | 802.3 

(default for Netware 3 12 or later) 


Ethernet 


Ethernet II 


SNAP 


Ethernet_SNAP 


c Cisco router, you must use rhi 
v exists on that network. 


ress as the address that 


In addition to the four encapsulation types discussed here, you can specify a fifth type, 
HDLC, for serial connections. HDLC is covered in more detail in Chapter 14, 
“Introduction to WAN Connections.” 


ie server console, you can use the NetWai 
days a window with the IPX address of the 
isco router. 


re config J 
■ segment! 


Novell and Cisco Encapsulation Names 

Novell and Cisco use different names for each frame type, as shown in Figure 


Multiple Novell Encapsulations 

NetWare all,m s multiple Layer 2 frame structures for N 
support all of the framing variations. For example th 
rammg types, as shown in Figure I I-.!. F.ach encapsula 
'•itujtions: 


Figure 1 

Specify the 
enc.n'si' lat ' on 
type when vou 

rnnfnllire IPX 


Cisco IOS Name 


Novell IPX Name 


-► novell-ether 


Ethernet 802.3 


h theme t S02.1 —Also 
through >. 1 1 

Ethernet 802.2 —The , 
and also used for OSI 

Ethernet //—L’sed wirl 

Ethernet S\AP— Used 


*uiIt tor NetWare versions® 


EtherneL802.2 <■ 


Ethernet 


EthernetJI <- 


default for NetW 
routing 


12, NetWare 4, and NetWare^ 

■ 


Ethernet_SNAP 

When you configure an IPX network, you may need to specify a nondefault encapsulation 
type on either the Novell servers and clients or on the Cisco router. To help you 
specify the appropriate encapsulation type, use the table in Figure 11-4. The table 
matches the Novell term to the equivalent Cisco IOS term for the same framing types. 

When you configure Cisco IOS software for Novell IPX, use the Cisco name for the 
appropriate encapsulation. Make sure the encapsulations on the clients, servers, and 
routers all match. Devices that use different encapsulation methods cannot 
communicate with each other. 

If you do not specify an encapsulation type when you configure the router for IPX, the 
router will use the default encapsulation type on its interfaces. 


The default Ethernet encapsulation type on Cisco routers does not match the default 
Ethernet encapsulation type on Novell servers after NetWare 3.11. This means that you need 
to change or add the sap frame type to a Cisco router on an Ethernet network that supports 
more current versions of NetWare. 




The default encapsulation types on Cisco router interfaces and their keywords are as 
follows: 

• Ethernet—novell-ether 

• Token Ring—sap 

• FDDI—snap 

• Serial—hdlc 


Novell Uses RIP for Routing 

Novell RIP is a distance vector routing protocol. RIP uses two metrics to make routing 
decisions: ticks (a time measure) and hop count (a count of each router traversed). 

RIP checks its two distance vector metrics by first comparing the ticks for path 
alternatives. If two or more paths have the same tick value, RIP compares the hop count. If 
two or more paths have the same hop count, the router will use the age of the entry as 
the tiebreaker; the most recent entry in the tables will be preferred over the older entry. 

Each IPX router periodically broadcasts copies of its RIP routing table to its directly 
connected networks, as shown in Figure 11-5. 

[Figure 11-5 labels: Router A, Router B, RIP table] 
Figure 11-5 RIP routers periodically broadcast updates of their routing tables. 

Upon receipt of these broadcasts, the neighbor IPX routers add distance vectors as 
required before broadcasting copies of their RIP tables to their other attached networks. 

A split-horizon algorithm prevents the neighbor from broadcasting RIP tables about 
IPX information back to the networks from which it received that information. 

RIP also uses an information aging mechanism to handle conditions where an IPX 
router goes down without any explicit message to its neighbors. Periodic updates reset 
the aging timer. 

Routing table updates are sent at 60-second intervals. This update frequency can cause 
excessive overhead traffic on some internetworks. 

Enhanced IGRP for IPX is an alternative to RIP as a routing protocol and is supported for 
Cisco-to-Cisco connections. Enhanced IGRP can provide faster convergence, reduced 
broadcast traffic, and better routes. 

NLSP, Novell's link-state routing protocol, is another alternative to RIP. NLSP is 
supported for Cisco-to-Novell multiprotocol PC-based router (MPR) connections and 
NetWare 4.11 and later versions. 

NLSP is derived from the OSI Intermediate System-to-Intermediate System (IS-IS) 
protocol. NLSP will interoperate with RIP and SAP to ease the transition and provide 
backward compatibility with RIP internetworks that have no need for link-state routing. 
NLSP (and IPXWAN) is covered in more detail in the Cisco Press book Advanced Cisco 
Router Configuration. 

Many Novell customers want to reduce the excessive distance vector overhead 
traffic in RIP and SAP. Link-state routing requires less ongoing bandwidth, but 
link-state updates can also have problems, especially in large networks using 
(level II area. 
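The IPX RIP selection rule from the "Novell Uses RIP for Routing" passage above (ticks, then hop count, then the most recent entry), together with the split-horizon check, as an added example that is not code from the book or from Cisco IOS. The names Path, select_paths and build_update are hypothetical; the two 6/1 paths are the Net 3030 entries from the show ipx route output on this page, and every other sample value is constructed.

```python
"""IPX RIP path choice: lowest ticks, then lowest hops, then the newest entry."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Path:
    network: str     # destination IPX network number (hex)
    ticks: int       # delay metric
    hops: int        # routers traversed
    age_s: int       # seconds since the entry was last refreshed
    next_hop: str    # network.node address of the advertising router
    interface: str   # interface the advertisement arrived on


def preference(path: Path) -> Tuple[int, int, int]:
    """Sort key: fewer ticks first, then fewer hops, then the most recent entry."""
    return (path.ticks, path.hops, path.age_s)


def select_paths(candidates: List[Path], maximum_paths: int = 1) -> List[Path]:
    """Pick the path(s) to install for one destination network.

    maximum_paths=1 (load sharing disabled) returns only the preferred path.
    A larger value also keeps paths whose ticks and hops equal the best
    path's, newest first, up to maximum_paths.
    """
    if maximum_paths < 1:
        raise ValueError("maximum_paths must be at least 1")
    ranked = sorted(candidates, key=preference)
    if not ranked:
        return []
    best = ranked[0]
    parallel = [p for p in ranked if (p.ticks, p.hops) == (best.ticks, best.hops)]
    return parallel[:maximum_paths]


def build_update(installed: Dict[str, List[Path]],
                 out_interface: str) -> Dict[str, Tuple[int, int]]:
    """Networks to advertise out of out_interface, with split horizon applied.

    A network is suppressed when any installed path to it was learned on
    out_interface (a conservative reading chosen for this sketch). The metrics
    returned are this router's own; increments applied on the way out are not
    modelled.
    """
    update = {}
    for network, paths in installed.items():
        if paths and all(p.interface != out_interface for p in paths):
            best = min(paths, key=preference)
            update[network] = (best.ticks, best.hops)
    return update


def sample_candidates() -> List[Path]:
    """Candidate paths to network 3030.

    The two 6/1 paths are the ones listed for Net 3030 on this page; the other
    two are constructed to exercise the ordering.
    """
    return [
        Path("3030", 8, 1, 2, "3000.0000.0c03.0001", "Ethernet1"),   # constructed: more ticks
        Path("3030", 6, 2, 5, "3010.0000.0c03.0002", "Ethernet0"),   # constructed: more hops
        Path("3030", 6, 1, 23, "3021.0000.0c03.13d3", "Serial1"),
        Path("3030", 6, 1, 23, "3020.0000.0c03.13d3", "Serial0"),
    ]


if __name__ == "__main__":
    for limit in (1, 2):
        chosen = select_paths(sample_candidates(), maximum_paths=limit)
        print(limit, [(p.interface, p.ticks, p.hops) for p in chosen])
    installed = {"3030": select_paths(sample_candidates(), 2)}
    print(build_update(installed, "Ethernet0"), build_update(installed, "Serial0"))
```

A path with fewer ticks wins even when it has more hops and an older entry, which is why an inaccurate tick value on one interface can redirect traffic.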

SAP: Supporting Service Advertisements 


All the servers on NetWare internetworks can advertise their services and addresses. All 
versions of NetWare support SAP broadcasts to announce and locate registered network 
services, as shown in Figure 11-6. Adding, finding, and removing services on the 
internetwork are dynamic because of SAP advertisements. 

Each SAP service is an object type identified by a hexadecimal number. Examples: 

4 NetWare file server 

Print server 

278 Directory server 

All servers and routers keep a complete list of the services available throughout the 
network in server information tables. Like RIP, SAP also uses an aging mechanism to 
identify and remove table entries that become invalid. 

[Figure 11-6 labels: Server advertises print services; Server advertises file services; 
Router A listens to] 
Figure 11-6 SAP packets advertise all NetWare network services. 

By default, service advertisements occur at 60-second intervals. However, although service 
advertisements might work well on a LAN, broadcasting services can require too 
much bandwidth to be acceptable on large internetworks or in internetworks linked on 
serial connections. 

Routers do not forward SAP broadcasts. Instead, each router builds its own SAP table 
and forwards the SAP table to other routers. By default, this occurs every 60 seconds. 

Service advertisements can be filtered on input or output, or from a specific router: 

• An IPX input—SAP filter allows the administrator to control services that are 
added to the router’s SAP table from a specified interface. 

• The IPX output—SAP filter allows the administrator to specify services 
included in SAP updates sent out to a specified interface. 

• The IPX router—SAP filter statement is used to filter SAP messages received 
from a specified router on a specified interface. 

SAP filters must refer to an earlier IPX access list numbered from 1000 to 1099. 


The Get Nearest Server Process 

The NetWare client/server interaction begins when the client powers up and runs its 
client startup programs. These programs use the client's network adapter on the LAN and 
initiate the connection sequence for the NetWare client software to use. 

GNS is a broadcast that comes from a client using SAP. NetWare file servers respond 
with a SAP reply (Give Nearest Server), as shown in Figure 11-7. From that point on, 
the client can log in to the target server, make a connection, set the packet size, and 
proceed to use server resources, provided the client is an authorized user of those resources. 

[Figure 11-7 labels: NetWare Client, File Server, GNS request, GNS response] 
Figure 11-7 GNS is a broadcast from a client needing a server. 

If a NetWare server is located on the segment, it will respond to the client request. If 
there are no NetWare servers on the local network, the Cisco router will respond to the 
GNS query with the address of the nearest server (or service) specified by the client. 

An administrator might want to filter the extent of GNS responses. To filter GNS 
responses, the administrator uses a GNS output filter to limit the SAP table listing of 
servers that can respond to the GNS broadcast. This process of filtering is 
covered in more detail in Chapter 1.5, “Basic Traffic Management with Access Lists.” 

Configuring IPX Routing 


Configuration of Novell IPX as a routing protocol involves both global and interface 
parameters. 

Global tasks include: 

• Start the IPX routing process. 

• Enable load sharing if appropriate for your network. Load sharing is the 
process of dividing routing tasks evenly among multiple routers to balance the 
work and improve network performance. 

Interface tasks include: 

• Assign unique network numbers to each interface, as shown in Figure 11-8. 
Multiple network numbers can be assigned to an interface, allowing support for 
different encapsulation types. 

• Set the optional encapsulation type if it is different from the default. 

[Figure 11-8 labels: Network 9e encap arpa; Network 4a encap snap; IPX; RIP] 
Figure 11-8 Each interface is assigned a unique network address. 

Novell IPX Global Configuration Commands 

You can use three commands to set up the IPX global configuration, if desired: 

• ipx routing [node] 

• ipx maximum-paths [paths] 

• ipx route destination-net next-hop [floating-static] 

Each of these commands is discussed in more detail in the following sections. 

ipx routing Command 

The ipx routing [node] command enables Novell IPX routing. If no node address is 
specified, the Cisco router uses the MAC address of the interface. 

If a Cisco router has only serial interfaces, an address must be specified. 

ipx maximum-paths Command 

The ipx maximum-paths [number of paths] command enables load sharing. Load sharing 
occurs when parallel metric paths are available between the source and directly 
connected networks leading to the destination. The maximum-paths parameter indicates 
how many identical paths can be considered when load balancing decisions are being 
made. The default value of number of paths is 1, which means load balancing is 
disabled by default. 

ipx route destination-net next-hop Command 


'P'S routing command is available m Release III 


ipx route {network [network-mask] | default} {network.node | interface} [floating-static] 


i In a dynamically learned 
a need ICiRP, and the new 


ic route so that it ,1 static route goes down. 
The IPX Moating static routes allow you 
time the static route to a destination is lost 


ynamic route is 


Novell IPX Interface Configuration Commands 

Two commands are used to set up the IPX configuration: 


Novell IPX Configuration Example 

Consider the IPX configuration example shown in Figure 11-9, 


6c 0800 1213 13de 
Encapsulation = sap 


9e 0800 4313 df56 
Encapsulation = 
novell-ether 


Figure 11-9 Networks 9e and 6c reside on the same physical media. 


Both of these commands are discussed in more detail in the following sections. 


interface Command 


ipx routing 


interface ethernet 0.1 

ipx encapsulation novell-ether 

ipx network 9e 

interface ethernet 0.2 

ipx encapsulation sap 

ipx network 6c 


Network 4a 


4a 1234.0000.abcd 
Encapsulation = sap 


interface ethernet 1 

ipx network 4a encapsulation sap 


ipx network Command 

The syntax of this command is: 

ipx network network [encapsulation encapsulation-type [secondary]] 


interface serial 0 
ipx network 1 


[Figure 11-9 labels: Network 9e, Network 6c, E0, Network 1] 

The following list defines the functions configured for the local router in Figure 11-9. 

ipx routing 
    Selects IPX as a routing protocol and starts the routing process. 

ipx maximum-paths 2 
    Allows load sharing over parallel metric paths to the destination. The number 
    of parallel paths used is limited to two. 

interface ethernet 0.1 
    Indicates the first subinterface on interface E0. 

encapsulation novell-ether 
    Specifies that Novell's unique frame format is used on this network segment. 
    Cisco's keyword is novell-ether; Novell's terminology is Ethernet_802.3. 

ipx network 9e 
    Network number assigned to subinterface E0.1. 

interface ethernet 0.2 
    Indicates the second subinterface on interface E0. 

encapsulation sap 
    Specifies that Ethernet 802.2 frame format is used on this network segment. 
    Cisco's keyword is sap. 

ipx network 6c 
    Network number assigned to subinterface E0.2. 

interface ethernet 1 
    Indicates the first (and only) interface on interface E1. 

ipx network 4a encapsulation sap 
    Specifies that the new default frame format is used on this network, which has 
    network address 4a. 

interface serial 0 
    Indicates the first interface on serial interface S0. 

ipx network 1 
    Sets the serial link's IPX network address to 1. 
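One way to check that the router's encapsulations match the Novell frame types on each segment, as an added example (not code from the book or from Cisco): it resolves each IPX network's effective encapsulation, including the interface-type defaults listed earlier, and reports mismatches. The function names are hypothetical, the sample configuration is constructed from Figure 11-9 with the keyword on ethernet 1 removed, the expected-frame table is constructed, and the arpa and snap pairings are the standard Cisco keyword correspondences for Ethernet_II and Ethernet_SNAP.

```python
"""Audit IPX encapsulation in a Cisco IOS configuration against the Novell frame types in use."""
import re
from typing import Dict, List, Optional, Tuple

# Cisco IOS keyword -> Novell frame-type name on Ethernet.
CISCO_TO_NOVELL = {
    "novell-ether": "Ethernet_802.3",
    "sap": "Ethernet_802.2",
    "arpa": "Ethernet_II",
    "snap": "Ethernet_SNAP",
}
# Keyword a router uses when none is configured, per interface type (from the text).
DEFAULT_ENCAP = {"ethernet": "novell-ether", "tokenring": "sap", "fddi": "snap", "serial": "hdlc"}

IFACE = re.compile(r"^interface\s+([A-Za-z]+)\s*([\d./]+)$", re.IGNORECASE)
NETWORK = re.compile(
    r"^ipx\s+network\s+([0-9a-f]{1,8})(?:\s+encapsulation\s+(\S+))?(?:\s+secondary)?$",
    re.IGNORECASE)
ENCAP = re.compile(r"^(?:ipx\s+)?encapsulation\s+(\S+)$", re.IGNORECASE)


def interface_blocks(config: str) -> List[Tuple[str, str, List[str]]]:
    """Split a configuration into (interface name, interface type, lines) blocks."""
    blocks: List[Tuple[str, str, List[str]]] = []
    for raw in config.splitlines():
        line = raw.strip()
        match = IFACE.match(line)
        if match:
            blocks.append((match.group(1).lower() + match.group(2), match.group(1).lower(), []))
        elif blocks and line and not line.startswith("!"):
            blocks[-1][2].append(line)
    return blocks


def ipx_networks(config: str) -> List[dict]:
    """List every IPX network in the configuration with its effective encapsulation."""
    found = []
    for name, iftype, lines in interface_blocks(config):
        interface_encap: Optional[str] = None
        networks: List[Tuple[str, Optional[str]]] = []
        for line in lines:
            encap = ENCAP.match(line)
            network = NETWORK.match(line)
            if encap:
                interface_encap = encap.group(1).lower()
            elif network:
                inline = network.group(2)
                networks.append((network.group(1).lower(), inline.lower() if inline else None))
        for number, inline in networks:
            keyword = inline or interface_encap or DEFAULT_ENCAP.get(iftype, "unknown")
            found.append({
                "interface": name,
                "network": number,
                "keyword": keyword,
                "defaulted": inline is None and interface_encap is None,
                # Novell names are mapped for Ethernet only; hdlc has no Novell equivalent.
                "novell": CISCO_TO_NOVELL.get(keyword) if iftype == "ethernet" else None,
            })
    return found


def audit(config: str, expected: Dict[str, str]) -> List[Tuple[str, str, Optional[str], str]]:
    """Return (interface, network, configured Novell name, expected Novell name) mismatches."""
    findings = []
    for entry in ipx_networks(config):
        wanted = expected.get(entry["network"])
        if wanted is not None and entry["novell"] != wanted:
            findings.append((entry["interface"], entry["network"], entry["novell"], wanted))
    return findings


# Constructed sample modelled on the Figure 11-9 configuration, except that ethernet 1
# has no encapsulation keyword and therefore falls back to novell-ether.
SAMPLE_CONFIG = """\
ipx routing
ipx maximum-paths 2
interface ethernet 0.1
 ipx encapsulation novell-ether
 ipx network 9e
interface ethernet 0.2
 ipx encapsulation sap
 ipx network 6c
interface ethernet 1
 ipx network 4a
interface serial 0
 ipx network 1
"""
# Constructed: frame type the NetWare administrator reports for each Ethernet segment.
EXPECTED_FRAMES = {"9e": "Ethernet_802.3", "6c": "Ethernet_802.2", "4a": "Ethernet_802.2"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, EXPECTED_FRAMES):
        print("mismatch: %s network %s uses %s, segment expects %s" % finding)
```

The defaulted flag marks networks whose encapsulation was never stated in the configuration, which is where the novell-ether default silently diverges from servers using Ethernet_802.2.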


Verifying and Monitoring IPX Routing 

It's always important to verify your configuration once it is complete. Use the 
commands defined in this section to ensure that your router is set up properly. Then focus 
on the monitoring section to learn how to check and troubleshoot SAP, RIP, and IPX 
traffic through the router. 

Once IPX routing is configured, you can monitor and troubleshoot it using the 
following commands: 

Monitoring Command            Displays 
show ipx interface            IPX status and parameters 
show ipx route                Routing table contents 
show ipx servers              IPX server list 
show ipx traffic              Number and type of packets 

Troubleshooting Command       Displays 
debug ipx routing activity    Information about RIP update packets 
debug ipx sap                 Information about SAP update packets 

Each of these commands is discussed in detail in the following sections. 

Monitoring the Status of an IPX Interface 

The show ipx interface command shows the status of IPX interface and IPX parameters 
configured on each interface, as shown in Figure 11-10. The first highlighted line shows 
the IPX address, the type of encapsulation, and the status of the interface. The second 
highlighted area shows that the SAP filters are not set. The last highlighted line shows 
that fast switching is enabled. 

You can manually set the tick metric. Use the command ipx delay number where num¬ 
ber is the ticks to associate with an interface. This command manually overrides the fol¬ 
lowing defaults on the Cisco router: 

• For LAN interfaces, one tick 

• For WAN interfaces, six ticks 

Some of the display fields shown include: 

• IPX address ...—Network and node address of the local router interface, 
followed by the type of encapsulation configured on the interface and the 
interface's status. Refer to the ipx network command for a list of possible values. 

• SAP Input filter list—Number of the input SAP filter applied to the interface 
with the ipx input-sap-filter command 

• SAP Output filter list—Number of the output SAP filter applied to the interface 
with the ipx output-sap-filter command 

• SAP Router filter list—Number of the router SAP filter applied to the interface 
with the ipx router-sap-filter command 

• IPX fast switching—Indicates whether IPX fast switching is enabled (default) 
or disabled for this interface, as configured with the ipx route-cache command 

Router#show ipx interface ethernet 0 
Ethernet 0 is up, line protocol is up 
  IPX address is 3010.aa00.0400.0284, NOVELL-ETHER [up] line-up, RIPPQ: 0, SAPPQ: 0 
  Delay of this Novell network, in ticks is 1 
  IPXWAN processing not enabled on this interface 
  IPX SAP update interval is 1 minute(s) 
  IPX type 20 propagation packet forwarding is disabled 
  Outgoing access list is not set 
  IPX Helper access list is not set 
  SAP Input filter list is not set 
  SAP Output filter list is not set 
  SAP Router filter list is not set 
  SAP GNS output filter list is not set 
  Input filter list is not set 
  Output filter list is not set 
  Router filter list is not set 
  Netbios Input host access list is not set 
  Netbios Input bytes access list is not set 
  Netbios Output host access list is not set 
  Netbios Output bytes access list is not set 
  Update time is 60 seconds 
  IPX accounting is disabled 
  IPX fast switching is configured (enabled) 
  IPX SSE switching is disabled 
  RIP packets received 1, RIP packets sent 10006 
  SAP packets recieved 1, SAP packets sent 6 
-More- 

Figure 11-10 Use the show ipx interface command to gather interface configuration details. 

Of particular interest are the delay and metric values. The de 
ticks ([1/18]th of a second). Ticks are not implemented by all 
therefore, path decisions can be based on inaccurate informa 
specified as 6/1 refer to ticks and hop count. 


Monitoring IPX Routing Tables 

The show ipx route command displays the contents of the IPX routing table, as shown 
in Figure 11-11. 

Router#show ipx route 
Codes: C - Connected primary network, c - Connected secondary network 
       R - RIP, E - EIGRP, S - static, W - IPXWAN connected 
5 Total IPX routes 

Up to 2 parallel paths allowed Novell routing algorithm variant in use 

R Net 3030 [6/1] via 3021.0000.0c03.13d3, 23 sec, Serial1 
                 via 3020.0000.0c03.13d3, 23 sec, Serial0 
C Net 3020 (x25), Serial0 
C Net 3021 (HDLC), Serial1 
c Net 3010 (NOVELL-ETHER), Ethernet0 
C Net 3000 (NOVELL-ETHER), Ethernet1 

Figure 11-11 Use the show ipx route command to view an IPX routing table. 

The first highlighted line provides routing information for a remote network: 

The information was learned from a 

The network is number 3030 

It is located six ticks or one hop away. This information is 
best routes. If there is a tie between ticks, hops are used to br 

The next hop in the path is router 3021.0000.0c03.13d3. 

The information was updated 23 seconds ago. 

The updates will be sent through the interface named Serial1 

The second line of highlighting provides information about a direct connection 
(indicated by a C): 





Figure 11-12 
Use the show ipx servers command to view the Server Information Table. 


TIPS 

With Cisco IOS Release 10.0 and later, you can use a new protocol, IPXWAN, to 
test the WAN link when establishing an IPX connection and use the learned link delay to 
set the WAN interface tick value. Enter the ipx ipxwan command as you configure for the 
serial interface. 


Monitoring the Novell IPX Servers 


The show ipx servers command lists the IPX servers discovered through SAP 
advertisements, as shown in Figure 11-12. 


Router> show ipx servers 

- ' 1 ■ ,ncremen,al ' ” - ***«.. S - stake 


errise- 


Table ordering is based on routing and server info 


j r ype Name Net Ann 

I P4 ^!!^^0^04.0 28 P r045, 332800/1 2° PS 


This example provides the following information: 

• The service learned about the server from a SAP update 

• The server name, network location, address, socket number 

• The ticks and hops for the route (taken from the routing table) 

• The number of hops (taken from the SAP protocol) 

• The interface through which to reach the server 
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Monitoring IPX Traffic 

The show ipx traffic command displays information about the number and type of IPX 
packets received and transmitted by the router, as shown in Figure 11-13. 


Router#show ipx traffic 
System Traffic for 2018.0000.0000.0001 System-Name: dtp-18 
Rcvd:   23916 total, 13795 format errors, 0 checksum errors, 0 bad hop count, 
        0 packets pitched, 23916 local destination, 0 multicast 
Bcast:  17111 received, 9486 sent 
Sent:   16707 generated, 0 forwarded 
        0 encapsulation failed, 0 no route 
SAP:    6 SAP requests, 6 SAP replies, 2309 servers 
        0 SAP Nearest Name requests, 0 replies 
        0 SAP General Name requests, 0 replies 
        1521 SAP advertisements received, 2212 sent 
        0 SAP flash updates sent, 0 SAP format errors 
RIP:    6 RIP requests, 6 RIP replies, 2979 routes 
        8033 RIP advertisements received, 4300 sent 
        154 RIP flash updates sent, 0 RIP format errors 
Echo:   Rcvd 0 requests, 0 replies 
        Sent 0 requests, 0 replies 
        0 unknown: 0 no socket, 0 filtered, 0 no helper 
        0 SAPs throttled, freed NDB len 0 
Watchdog: 
        0 packets received, 0 replies spoofed 
Queue lengths: 
        IPX input: 0, SAP 0, RIP 0, GNS 0 
        SAP throttling length: 0/(no limit), 0 nets pending lost route reply 
        Delayed process creation: 0 


Notice in Figure 11-13 that a high percentage of the total number of packets received 
and sent were RIP advertisements, because this sample was taken from a lab network 
with essentially no user traffic on it. This screen shows how much overhead traffic SAP 
and RIP generate. 

Troubleshooting IPX Routing 

The debug ipx routing activity command displays information about IPX routing 
update packets that are transmitted or received, as shown in Figure 11-14. 








A router sends an update every 60 seconds. Each update packet can contain up to 50 
entries. If there are more than 50 entries in the routing table, the update will include 
more than one packet. 

Tom other ro^rs^vm.l'd Ili!o7ptTrShlrii»“nr th ° m ' Updjtes receiv ed 


Figure 11-14 
If IPX routing problems occur, run the debug ipx routing activity command. 


Router#debug ipx routing activity 
IPX routing debugging is on 
Router# 

IPXRIP posting full update to 3010.ffff.ffff.ffff via Ethernet0 (broadcast) 
IPXRIP posting full update to 3000.ffff.ffff.ffff via Ethernet1 (broadcast) 
IPXRIP posting full update to 3020.ffff.ffff.ffff via Serial0 (broadcast) 
IPXRIP posting full update to 3021.ffff.ffff.ffff via Serial1 (broadcast) 

IPXRIP sending update to 3020.ffff.ffff.ffff 

'PXRIP src-3020 0000 0c03 Md8 da, 3020 ZZL „ 

network 3021, hops 1, delay 6 
network 3010, hops 1, delay 6 
network 3000, hops 1, delay 6 

i ™ -css ss; „ 

network 3020, hops 1, delay 6 
network 3010, hops 1, delay 6 
network 3000, hops 1, delay 6 

5 s::s::- :s k I 

network 3030, hops 2, delay 7 
network 3020, hops 1, delay 1 
network 3021, hops 1, delay 1 
network 3000, hops 1, delay 1 

IPXRIP sending update to 3000.ffff.ffff.ffff via Ethernet1 


Troubleshooting IPX SAP 

The debug ipx sap command displays information about IPX SAP packets that are 
transmitted or received. 

SAP updates may contain multiple packets. Each SAP packet appears as multiple lines 
in the output and includes a packet summary message and a service detail message. 

SAP packets may be one of these types: 

• 0x1—General query 
• 0x2—General response 
• 0x3—Get Nearest Server request 
• 0x4—Get Nearest Server response 

In each line, the address and distance of the responding or target router is listed. 

Each update takes multiple lines, one summary, and the rest detail. Figure 11-15 shows 
three SAPs: 

• An Input SAP (indicated by the “I”) 

• A SAP update sent to IPX network 160 

• An Output SAP (indicated by the “O”) with information about the file server 
named Magnolia 


Router#debug ipx sap events 
IPX service events debugging is on 
Router# 
NovellSAP at 0023F778 
I SAP Response type 0x2 len 160 src:160.0000.0c00.070d dest:160.ffff.ffff.ffff(452) 
 type 0x4, "HELLO2", 199.0002.0004.0006 (451), 2 hops 
 type 0x4, "HELLO2", 199.0002.0004.0008 (451), 2 hops 
NovellSAP sending update to 160 
NovellSAP at 00169080 
O SAP Update type 0x2 len 96 ssoc:0x452 dest:160.ffff.ffff.ffff(452) 
Novell: type 0x4 "Magnolia", 42.0000.0000.0001 (451), 2 hops 


Figure 11-15 
The debug ipx sap [activity | events] command can be used to check out any service 
availability problems. 


Activity and events are not really options because one or the other is required. The 
debug ipx activity command provides more details, and the debug ipx events option 
provides fewer details by focusing on SAP packets that contain interesting events. For 
the most useful information, use these two commands together. 
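
The summary-plus-detail layout described above lends itself to parsing when you want an inventory of which services a router hears and which it advertises. The following Python sketch is an added example, not code from the book or from Cisco; the sample text is constructed in the layout of Figure 11-15 (the server name HELLO1 is made up), and the function names and the allowlist idea are assumptions for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# SAP packet types as listed in the text above.
PACKET_TYPES = {0x1: "General query", 0x2: "General response",
                0x3: "Get Nearest Server request", 0x4: "Get Nearest Server response"}

# Constructed sample laid out like the debug ipx sap events figure.
SAMPLE = """\
NovellSAP at 0023F778
I SAP Response type 0x2 len 160 src:160.0000.0c00.070d dest:160.ffff.ffff.ffff(452)
 type 0x4, "HELLO2", 199.0002.0004.0006 (451), 2 hops
 type 0x4, "HELLO1", 199.0002.0004.0008 (451), 2 hops
NovellSAP sending update to 160
NovellSAP at 00169080
O SAP Update type 0x2 len 96 ssoc:0x452 dest:160.ffff.ffff.ffff(452)
Novell: type 0x4 "Magnolia", 42.0000.0000.0001 (451), 2 hops
"""

# Summary line: direction flag (I/O), packet type, length, optional source, destination.
SUMMARY = re.compile(
    r"^(?P<dir>[IO]) SAP \w+ type (?P<ptype>0x[0-9a-fA-F]+) len (?P<len>\d+)"
    r"(?: src:(?P<src>[0-9a-fA-F.]+))?.*? dest:(?P<dest>[0-9a-fA-F.]+)\((?P<sock>[0-9a-fA-F]+)\)")
# Detail line: type field, quoted server name, network.node address, socket, hop count.
DETAIL = re.compile(
    r'type (?P<stype>0x[0-9a-fA-F]+),? "(?P<name>[^"]+)",\s*'
    r"(?P<net>[0-9a-fA-F]+)\.(?P<node>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}) "
    r"\((?P<sock>[0-9a-fA-F]+)\), (?P<hops>\d+) hops")


@dataclass
class SapPacket:
    direction: str                 # "in" or "out", from the I/O flag
    packet_type: str               # name from PACKET_TYPES, or the raw code if unknown
    length: int
    source: Optional[str]          # absent on the output summary in the sample
    dest: str
    services: List[dict] = field(default_factory=list)


def parse_sap_debug(text: str) -> List[SapPacket]:
    """Group each summary line with the detail lines that follow it."""
    packets: List[SapPacket] = []
    for raw in text.splitlines():
        line = raw.strip()
        summary = SUMMARY.match(line)
        if summary:
            code = int(summary["ptype"], 16)
            packets.append(SapPacket(
                direction="in" if summary["dir"] == "I" else "out",
                packet_type=PACKET_TYPES.get(code, hex(code)),
                length=int(summary["len"]),
                source=summary["src"],
                dest=summary["dest"]))
            continue
        detail = DETAIL.search(line)
        if detail and packets:     # ignore detail lines with no preceding summary
            packets[-1].services.append({
                "service_type": int(detail["stype"], 16),
                "name": detail["name"],
                "network": detail["net"],
                "node": detail["node"],
                "socket": detail["sock"],
                "hops": int(detail["hops"])})
    return packets


def unexpected_services(packets, allowed_names, direction="out"):
    """Return (name, network, hops) for advertised services not on the allowlist.

    Run against output SAPs, the result is the set of services a SAP output
    filter would have to cover if they should not leave this router.
    """
    return [(s["name"], s["network"], s["hops"])
            for p in packets if p.direction == direction
            for s in p.services if s["name"] not in allowed_names]


if __name__ == "__main__":
    for pkt in parse_sap_debug(SAMPLE):
        print(pkt.direction, pkt.packet_type, [s["name"] for s in pkt.services])
    print(unexpected_services(parse_sap_debug(SAMPLE), {"HELLO1", "HELLO2"}))
```
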

Summary 

In this chapter, you learned about Novell's 10-byte IPX address elements and 
encapsulation options. You also learned how Novell’s service discovery mechanism and 
routing information exchange methods work for clients and servers. You viewed the IPX 
global and interface configuration commands used by Cisco. In Chapter 12, "Configuring 
AppleTalk," you will learn how AppleTalk addressing works and how to configure a 
Cisco router to connect AppleTalk networks. 

Write your answers in the following table. 

R3 Interface Name    Network Address    Encapsulation 

S0 

S1 

E1 

Question 11.2 

What command do you issue to enable IPX routing on a router? 


Question 11.3 

What command mode must the router be in before you can issue the ipx routing 
command? 

Question 11.4 

What command do you issue to assign IPX network numbers on a router? 

Question 11.5 

What command do you issue to verify IPX address assignment on a router? 


Question 11.6 

What command do you issue to verify entries in the routing table? 










Configuring AppleTalk 



chapter presents an introduction to the AppleTalk protocol suite and how it oper- 
Cisco IOS software configurations. The chapter includes information on 
addressing, logical zones, and locating services, as well as details on contig- 
and verifying AppleTalk routing. 


Overview 

was designed by Apple Computer to provide communication and resource 
among its Macintosh computers and peripherals. In this section, you learn 
the AppleTalk protocol stack, the addressing system, and the service discovery 


Protocol Stack 

12-1 compares the AppleTalk protocol architecture to the OSI reference model. 

the hardware layers, most standard media types are supported using AppleTalk 
2 (an extended network). Many Apple products contain a LocalTalk interface 
over twisted-pair cabling at 230 kbps. The LocalTalk interface is not 
on Cisco products; therefore, LocalTalk devices can be adapted to Ethernet or 
LAN environments. 

3 in the AppleTalk architecture, the Datagram Delivery Protocol (DDP) pro¬ 
connectionless datagram service. 



Figure 12-7 
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AppleTalk Features 

AppleTalk was designed as a client-distributed network system. This means that users 
share network resources (such as files and printers) with other users. Computers 
supplying these network resources are called servers; computers using a server's network 
resources are called clients. Interaction with servers is essentially transparent to the user 
because the computer determines the location of the requested materials and accesses it 
without further information from the user. 

Clients use broadcasts to learn about available services. The AppleTalk environment 
allows propagation of lookups by the router, ensuring that all available services will be 
located by the user. 

AppleTalk addresses are composed of a 16-bit network number and an 8-bit node 
number: 

• The network portion of the address is manually configured by the administrator. 

• The node identifier portion is dynamically acquired during device startup. The 
node identifier can also be manually configured on the Cisco router. This 
process is useful when configuring AppleTalk for multipoint WANs and for 
remote access using dialer maps. 

Random selection of node numbers makes troubleshooting with a network analyzer 
somewhat more difficult, but a Macintosh or PowerPC usually saves its address in 
NVRAM so it can reuse the same address on its network environment. 

RTMP (Routing Table Maintenance Protocol) provides routing information updates at 
Layer 3. RTMP is a Routing Information Protocol (RIP) derivative using hop count as 
its metric for routing decisions. RTMP routing protocol updates occur at 10-second 
intervals (thus, the reputation of AppleTalk as a “chatty” protocol). Use of zones 
(which are discussed later in this chapter) groups networks and services to help reduce 
this chattiness. Hosts listen to RTMP updates to learn the router's address. 

Nonextended or Extended Networks 

Early releases of AppleTalk (pre-1988) used an addressing scheme referred to as Phase 
1. This scheme did not allow large numbers of hosts on a single wire. An equal number 
of servers and hosts was allocated, at most 127 of each. Any Macintosh can be a host 
or server. Nonextended networks could have only a single network on the wire. These 
characteristics define a nonextended network, as shown at the top of Figure 12-2. 






Address 

105.3 


Address 

100.58 


Figure 12-4 

Extended 
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Extended Addressing 

In an extended network, the network numbers of the nodes can be different, as shown 
in Figure 12-4. There may be a wide network range on a single logical network: 

• Network number—16 bits 

A cable range states the span of network numbers available on this media. 

Narrow range networks (networks with a single network number) are 
supported. 

A network number of 0 is reserved by the protocol for a newly attached node 
to use when it does not yet know the network number to use on its attached 
cable. 

• Node number—8 bits 

Numbers in the range 1 to 253 represent any node (user, printer, and other 
devices). 

The numbers 0, 254, and 255 are reserved on extended networks. 

Node numbers are dynamically assigned. 


Figure 12-3 
Phase 2 interfaces must use unique network.node numbers. 

AARP is the protocol that reconciles a protocol address to a hardware address, much in 
the same manner as IP ARP does. In this case, the new node sends a probe to see whether 
anyone has the same node number. If the packet goes unanswered, the new node believes 
the address is available. See Figure 12-5. 


Figure 12-5 
The AppleTalk host uses ZIP and AARP to obtain an address. 

[Figure labels: addresses 104.128, 101.77, and 100.58. Callouts: 1. I will use a 
provisional address. 2. Get cable range. 3. Cable range 100-110. 4. I will choose 
network 105. 5. Probe: 105.3.] 

response indicates the 

is invalid, user 2 selects a network number from the cable range. 

User 2 issues 10 more AARP probes to verify the uniqueness of the chosen node ID: 

• If there is a response that the node ID is in use, user 2 tries another node ID. 

• If there is no response to the probe, user 2 uses this ID. 

User 2’s address becomes 105.3. After the address is acquired, it is stored in RAM. The 
stored address is probed for at the next power-up sequence, and if it is in use, dynamic 
assignment is initiated. 
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Limiting Requests for Services 

One method for controlling broadcast traffic is to allocate nodes to zones, as shown in 
Figure 12-6. A node can be in only one zone. A zone is a logical group of nodes and 
services that helps reduce AppleTalk’s chattiness by enabling devices to perform 
discovery and communication within a smaller area. 

Each interface in the router must be assigned to a zone as part of its configuration. 
Many devices, including the Cisco router interfaces, are visible in the default zone for a 
cable range. 

In Figure 12-6, the LAN in Bldg. 1 has been separated from the 'SAN that > n >- 
Bldg. 2 and 3. 



Figure 12-6 

Zones are 
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trol broadcast 
traffic. 
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• Routers in the path forward these replies until they reach the originating router. 

• The originating router sends the reply to the end user. The user selects the 
preferred service. 

A logical link for that service is retained in the Macintosh for future reference, and a list 
of services and zones is maintained within the router for local reference. 


Key Concept: Remember that each device can be in only one zone. 


Locating AppleTalk Services 

As mentioned earlier, users on the AppleTalk network locate specific services using NBP 
requests. 

In Figure 12-8, user 2 looks for printers in the zone named Users. The router checks a 
local table, the zone information table (ZIT), which contains a complete 
network-to-zone-name mapping of the Internet. The router then creates a packet to forward the 
requests to each segment of the selected zone. The router will create one request to send 
out cable 1001-1001, and another request to send out cable 1002-1002. Responses that 
the router forwards to user 2 inform user 2 about printer 1A and printer 1B. 

Figure 12-8 
User 2 searches the zone named "Users." 

[Figure callouts: 1. What printers are available? (User 2); Unicast to find printers in 
zone; 2. Propagate request for printers; 3. I'm printer 1A; 3. I'm printer 1B.] 
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Configuring AppleTalk 

Now that you know the basic elements of the AppleTalk protocol, including addressing 
and service discovery, the following looks at how you can configure a Cisco router to 
handle AppleTalk communications. 


AppleTalk Configuration Tasks 

Configuration of AppleTalk as a routing protocol requires setting both global and 
interface parameters. 

• Global task: 

Select AppleTalk routing to start the routing process. 

• Interface tasks: 

Assign a range of network numbers to each interface. A narrow range can be 
an appropriate assignment. 

r„r„vi;s 2 *« -*•> 


Cisco engineering recommends that you use one network number per 50 nodes. 

After an address and zone name are assigned, the interface is enabled for packet 
processing. All routers in a network or data link must agree on the cable range, default 
zone, and zone list. 
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AppleTalk Configuration Commands 

There are four basic commands used to configure an AppleTalk network: 

• Global configuration command: 

  appletalk routing (Required) 

• Interface commands: 

  appletalk protocol (Optional) 

  appletalk cable-range (Required) 

  appletalk zone (Required) 

Each of these commands is discussed in more detail in the following sections. 


appletalk routing Command 

Router(config)#appletalk routing 

The appletalk routing command starts the AppleTalk routing process. 


appletalk protocol Command 

Router(config-if)#appletalk protocol {rtmp | eigrp | aurp} 

The appletalk protocol command selects one or more routing protocols for use on this 
interface. 

appletalk protocol 
Command        Description 

rtmp           The routing protocol is RTMP, which is the default. 

eigrp          This specifies that the routing protocol to use is Enhanced IGRP. 

aurp           This specifies that the routing protocol to use is AppleTalk Update- 
               Based Routing Protocol (AURP). This is the method of encapsulating 
               AppleTalk traffic in the header of a foreign protocol, allowing the 
               connection of two or more discontiguous AppleTalk internetworks 
               through a foreign network (such as TCP/IP) to form an AppleTalk WAN. 

Note that if the appletalk protocol command is omitted in the interface specification, 
RTMP is selected by default. 
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appletalk cable-range Command 

Router(config-if)#appletalk cable-range cable-range [network.node] 

The appletalk cable-range command specifies a range of network numbers to the 
interface. This command has two parameters, described in the following table. 

appletalk cable-range 
Command        Description 

cable-range    This argument specifies the start and end of the cable range, separated 
               by a hyphen. These values are a decimal number from 0 to 65279. The 
               starting network number must be less than or equal to the ending 
               network number. 

network.node   This argument is optional and defines the suggested AppleTalk 
               address for the interface. The argument network is the 16-bit 
               network number, and the argument node is the 8-bit node number. 
               Both numbers are decimal. The suggested network number must fall 
               within the specified range of network numbers. 


T 1 '', 77?'” '’"" WS ,l " nc,w " rl ‘ to .Wrfl, a 

appletalk zone Command 

Router(config-if)#appletalk zone zone-name 

The appletalk zone command assigns the zone name to the link. Multiple zones 
can be assigned to one interface in a Phase 2 installation. The first zone name is the 
default zone name. 


AppleTalk Configuration Example 


‘ ” mplC A|,P " T ” lk n. following dehnes ,ho 


Command                          Description 

appletalk routing                Starts the AppleTalk routing process 

interface ethernet 0             Defines the interface being configured 

appletalk cable-range 100-105    Establishes a range of six network numbers available 
                                 to devices on E0 

appletalk zone engineering       Places interface E0 into a zone named engineering. 
                                 This zone is the default because it is specified first. 

interface ethernet 1             Defines the next interface being configured 

appletalk cable-range 200-205    Establishes a range of six network numbers available 
                                 to devices on E1 

appletalk zone engineering       Places interface E1 into the engineering zone 

appletalk zone headquarters      Places interface E1 into the headquarters zone 

interface serial 0 

appletalk cable-range            Assigns a narrow cable range of 1000 to interface 
1000-1000 1000.128               serial 0 and specifies the network.node address of 
                                 1000.128 

appletalk zone engineering       Places interface S0 into the engineering zone 

All interfaces are using RTMP as the default routing protocol because no appletalk 
protocol commands are specified. 


appletalk routing 

interface ethernet 0 
 appletalk cable-range 100-105 
 appletalk zone engineering 

interface ethernet 1 
 appletalk cable-range 200-205 
 appletalk zone engineering 
 appletalk zone headquarters 

interface serial 0 
 appletalk cable-range 1000-1000 1000.128 
 appletalk zone engineering 


Figure 12-9 
This AppleTalk network supports two 

[Figure labels: Zone engineering; Zone headquarters; Network 100-105; Network 
1000-1000; Network 200-205; R=AppleTalk RTMP] 


After AppleTalk routing is enabled, interface E0 dynamically acquires a node number 
on one of six available network numbers. Serial 0 has a hard-coded address of 
1000.128. All interfaces in the router are part of the zone engineering, and E1 is also 
part of zone headquarters. 
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Discovery Mode 

AppleTalk routers can dynamically discover network numbers and zones by using 
a technique called discovery. A seed router is a router that has this information, 
whereas a nonseed router is not privy to this information. 

inf “ suth as - 

router to provide configuration information to other nonseeVroutX * ** 

» r'«» » "0„s«d i JL, in," 3 ”o ,'"ZZt '° m ” Tkm m **" 

In Phase 2 only—Assign the cable range as 0-0 like so: 
Router(config-if)#appletalk cable-range 0-0 

J5E."" • ppk ™ J ‘ xomr d «“ »■>* - StS 

Router(config-if)#appletalk cable-range cable-range 
Router(config-if)#appletalk discovery 



t h e di8coverv, is on bv defauit - t ° disab,e *• use 


updated InX dr ? Uter c ° nfi g u ratton informal, it participates in routing 

updates. In effect, it acts like a seed router for other routers coming up on the network. 
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Discovery Mode Example 

Figure 12-10 provides an example of how to configure one router as a seed router and 
another router to use discovery mode. The following list explains the configuration 
commands used: 

Command                            Description 

interface E0 

appletalk cable-range 0-0          Places E0 into discovery mode 

interface E1 

appletalk cable-range 3000-3002    Assigns a network range to E1 

appletalk discovery                Places E1 into discovery mode 


Both E0 and E1 dynamically learn their addresses and zones. 

In the live configuration file, after discovery, for E0: 

Command                            Description 

appletalk cable-range 100-105      The acquired network range 

appletalk Zone Bldg-17             The acquired zone name 

In the live configuration file, for E1: 

Command                            Description 

appletalk cable-range 200-205      The acquired network range 

appletalk Zone Bldg-13             The acquired zone name 
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Figure 12-10 

You must have a seed router on the network to use discovery mode. 


Initial Configuration for Router C 

appletalk routing 
interface ethernet 0 
appletalk cable-range 0-0 
interface ethernet 1 
appletalk cable-range 3000-3002 
appletalk discovery 

Live Configuration After Discovery 

appletalk routing 
interface ethernet 0 
appletalk cable-range 100-105 102.6 
appletalk Zone Bldg-17 
interface ethernet 1 
appletalk cable-range 200-205 205.11 
appletalk Zone Bldg-13 


[Figure labels: Zone Bldg-17, Network 100-105, address 100.35 on E0; Zone Bldg-13, 
Network 200-205, address 202.161] 
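
The configuration rules in this chapter (cable-range bounds, reserved node numbers, zone assignment, discovery mode, and agreement between routers on one link) can be checked mechanically before a configuration is loaded. The following Python sketch is an added example, not code from the book or from Cisco: ROUTER_A repeats the chapter's sample configuration, while ROUTER_B, the function names, and the finding messages are constructed for illustration.

```python
MAX_NETWORK = 65279           # cable-range values run from 0 to 65279 (per the text)
NODE_MIN, NODE_MAX = 1, 253   # 0, 254 and 255 are reserved on extended networks

# ROUTER_A is the chapter's sample configuration; ROUTER_B is a constructed neighbor
# whose ethernet 0 shares the 200-205 cable with ROUTER_A's ethernet 1.
ROUTER_A = """\
appletalk routing
interface ethernet 0
 appletalk cable-range 100-105
 appletalk zone engineering
interface ethernet 1
 appletalk cable-range 200-205
 appletalk zone engineering
 appletalk zone headquarters
interface serial 0
 appletalk cable-range 1000-1000 1000.128
 appletalk zone engineering
"""
ROUTER_B = """\
appletalk routing
interface ethernet 0
 appletalk cable-range 200-205 206.254
 appletalk zone headquarters
 appletalk zone engineering
interface serial 0
 appletalk cable-range 1000-1000.128
"""


def parse_config(text):
    """Return (routing_enabled, interfaces, parse_errors) for IOS-style config text."""
    routing, interfaces, errors, name, current = False, {}, [], None, None
    for raw in text.splitlines():
        words = raw.split()
        key = [w.lower() for w in words[:2]]
        if key == ["appletalk", "routing"]:
            routing = True
        elif key[:1] == ["interface"]:
            name = "".join(words[1:]).lower()
            current = interfaces.setdefault(
                name, {"range": None, "address": None, "zones": [], "discovery": False})
        elif current is None:
            continue
        elif key == ["appletalk", "cable-range"]:
            try:
                start, end = (int(n) for n in words[2].split("-"))
                current["range"] = (start, end)
                if len(words) > 3:      # optional suggested network.node address
                    net, node = (int(n) for n in words[3].split("."))
                    current["address"] = (net, node)
            except (ValueError, IndexError):
                errors.append(f"{name}: cannot parse '{raw.strip()}'")
        elif key == ["appletalk", "zone"]:
            current["zones"].append(" ".join(words[2:]))   # first zone is the default
        elif key == ["appletalk", "discovery"]:
            current["discovery"] = True
    return routing, interfaces, errors


def validate(text):
    """Check one router's configuration against the rules stated in the chapter."""
    routing, interfaces, findings = parse_config(text)
    if not routing:
        findings.append("global: 'appletalk routing' is missing")
    for name, cfg in interfaces.items():
        if cfg["range"] is None:
            continue                    # no usable cable range on this interface
        start, end = cfg["range"]
        if not 0 <= start <= end <= MAX_NETWORK:
            findings.append(f"{name}: cable range {start}-{end} is out of bounds")
        if cfg["address"]:
            net, node = cfg["address"]
            if not start <= net <= end:
                findings.append(f"{name}: network {net} is outside {start}-{end}")
            if not NODE_MIN <= node <= NODE_MAX:
                findings.append(f"{name}: node {node} is reserved or out of range")
        # 0-0 or 'appletalk discovery' means range and zones are learned from a seed router.
        learns = cfg["range"] == (0, 0) or cfg["discovery"]
        if not learns and not cfg["zones"]:
            findings.append(f"{name}: cable range set but no zone assigned")
    return findings


def link_mismatches(cfg_a, cfg_b):
    """Routers on one link must agree on cable range, default zone and zone list."""
    problems = []
    if cfg_a["range"] != cfg_b["range"]:
        problems.append("cable range")
    if cfg_a["zones"][:1] != cfg_b["zones"][:1]:
        problems.append("default zone")
    if sorted(cfg_a["zones"]) != sorted(cfg_b["zones"]):
        problems.append("zone list")
    return problems


if __name__ == "__main__":
    print(validate(ROUTER_A))
    print(validate(ROUTER_B))
    a, b = parse_config(ROUTER_A)[1], parse_config(ROUTER_B)[1]
    print(link_mismatches(a["ethernet1"], b["ethernet0"]))
```

ROUTER_B lists the same two zones as ROUTER_A on the shared cable but in a different order, so only the default zone disagrees; that is the kind of mismatch the show appletalk interface check in the next section would otherwise surface after deployment.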



Verifying Your AppleTalk Configuration 

Use the show appletalk interface command to display status about all AppleTalk 
interfaces. 


Figure 12-11 
Use the show appletalk interface command to check the protocol configuration. 


Router#show appletalk interface ethernet 0 
Ethernet0 is up, line protocol is up 
  AppleTalk cable range 3010-3019 
  AppleTalk address is 3012.93, Valid 
  AppleTalk zone is "Id-e0" 
  AppleTalk port configuration verified by 3017.170 
  AppleTalk address gleaning is enabled 
  AppleTalk route cache is enabled 
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• AppleTalk address gleaning is enabled, which means the router can add 
addresses to its address resolution table by examining incoming packets. 

• AppleTalk route cache is enabled, which means that fast switching is enabled 
on this interface. 


Monitoring AppleTalk 

Use the show appletalk route command to display the contents of the AppleTalk routing 
table, as shown in Figure 12-12. 

Figure 12-12 shows the zones assigned to each cable range. The highlighted line shows 
an example of a wide cable range in the entry derived from RTMP. 

The information indicates C for directly connected interfaces and R for routes derived 
from the RTMP routing protocol updates. 


The show appletalk interface command is particularly useful when you first enable 
AppleTalk on a router interface. The display in Figure 12-11 shows you this information: 

• The interface is Ethernet 0. 

• The cable range contains an address value from which an address was selected. 

• The address is marked as valid, which means it does not conflict with another 
node on that segment. 

• The zone name is listed. 


Router#show appletalk route 
Codes: R - RTMP derived, E - EIGRP derived, C - connected, A - AURP 
       S - static, P - proxy 
5 routes in internet 

The first zone listed for each entry is its default (primary) zone. 

C Net 3000-3005 directly connected, Ethernet1, zone ozone 
C Net 3010-3019 directly connected, Ethernet0, zone Id-e0 
C Net 3020-3020 directly connected, Serial0, zone dc-s0 
C Net 3021-3021 directly connected, Serial1, zone dc-s1 
R Net 3030-3039 [1/G] via 3020.25, 4 sec, Serial0, zone cf-e0 


The show appletalk zone command displays entries in the AppleTalk zone information 
table, as shown in Figure 12-13. 

Notice that the wide range of networks, 3000-3005, occurs in zone Id-e0 as well as in 
ozone. The NBP lookup process is limited to the zone specified by the Macintosh 
user's zone selection in the Chooser. 

The show appletalk globals command displays information and settings about the 
global AppleTalk configuration parameters, as shown in Figure 12-14. The 
highlighted line indicates Phase 1 compatibility through the use of unary cable ranges 
and single zones per interface. 


Figure 12-12 
Use the show appletalk route command to check the AppleTalk routing table. 


Other commands you may be interested in are the show appletalk arp and debug 
>events commands. 


Figure 12-13 
Use the show appletalk zone command to view the router's zone information table. 




Figure 12-14 
Use the show appletalk globals command for an overview of Phase 1 to Phase 2 
compatibility. 


Router#show appletalk zone 
Name       Network(s) 
Id-e0      3010-3019 3000-3005 
ozone      3000-3005 
cf-e0      3030-3039 
dc-s0      3020-3020 
dc-s1      3021-3021 


The show appletalk arp command displays the entries in the AARP cache. It is a 
privileged EXEC command. Use the debug apple errors EXEC command to display errors 
occurring in the AppleTalk network. The no form of this command disables debugging 
output. 

The debug apple routing command displays output from the RTMP routines, as shown 
in Figure 12-15. This command is used to monitor acquisition, aging, and advertisement 
of routes. It also reports conflicting network numbers on the same network. 


CAUTION 


The debug apple routing command can generate many messages. It should be used 
only when CPU use is less than 50 percent. 


Router#debug apple routing 
AppleTalk RTMP routing debugging is on 
AppleTalk EIGRP routing debugging is on 
Router# 
AT: RTMP from 3002.5 (new 0, old 0, bad 0, ign 0, dwn 0) 
AT: RTMP from 3017.170 (new 0, old 0, bad 0, ign 0, dwn 0) 
AT: src=Ethernet0:3012.93, dst=3010-3019, size=34, 4 rtes, RTMP pkt sent 
AT: Route ager starting on Main AT RoutingTable (5 active nodes) 
AT: Route ager finished on Main AT RoutingTable (5 active nodes) 
AT: RTMP from 3020.25 (new 0, old 1, bad 0, ign 1, dwn 0) 
AT: RTMP from 3021.193 (new 0, old 1, bad 0, ign 3, dwn 0) 
AT: RTMP from 3020.25 (new 0, old 1, bad 0, ign 1, dwn 0) 
AT: RTMP from 3002.5 (new 0, old 0, bad 0, ign 0, dwn 0) 
AT: RTMP from 3017.170 (new 0, old 0, bad 0, ign 0, dwn 0) 
AT: src=Ethernet0:3012.93, dst=3010-3019, size=34, 4 rtes, RTMP pkt sent 
AT: src=Ethernet0:3000.175, dst=3000-3005, size=34, 4 rtes, RTMP pkt sent 
AT: src=Serial0:3020.26, dst=3020-3020, size=28, 3 rtes, RTMP pkt sent 
AT: src=Serial1:3021.144, dst=3021-3021, size=34, 4 rtes, RTMP pkt sent 


Figure 12-15 
The debug apple routing command displays all RTMP update information. 


Summary 

In this chapter, you learned how AppleTalk addressing is designed, as well as the 
difference between Phase 1 and Phase 2 AppleTalk networks. Recall that AppleTalk was 
designed as a client-distributed network system, which means that users share network 
resources with other users. You learned about the AppleTalk protocol stack, examined 
the AppleTalk configuration and monitoring commands, and learned how clients 
perform service discovery. Chapter 13, “Basic Traffic Management with Access Lists," 
covers traffic management techniques using Cisco access lists. 
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Chapter Twelve Test 
Configuring AppleTalk 


Estimated Time: 15 minutes 

Complete all the exercises to test your knowledge of the materials contained in this 
chapter. Answers are listed in Appendix A, "Chapter Test Answer Key.” 


Question 12.1 

T F AppleTalk addressing is composed of network.node. 


Question 12.2 

T F Node numbers are dynamically acquired. 


Question 12.3 

T F Multiple network numbers can exist on one wire. 


Question 12.4 

T F Servers use broadcasts to learn about available clients. 


Question 12.5 

What command do you issue to enable AppleTalk routing on a router? 


Question 12.6 

What command do you issue to assign cable ranges to each interface on a router? 


Question 12.7 

What command do you issue to assign zones to each link on a router? 


Question 12.8 

What command do you issue to verify the address assignment on a router? 


Question 12.9 

What command do you issue to verify entries in the routing table? 




Basic Traffic Management with Access Lists


This chapter presents basic and extended access lists as a means to control network
traffic. It explains general concepts about access lists and defines how to configure IP, IPX,
and AppleTalk access lists.

Cisco IOS software features access lists for most protocols. Refer to Appendixes B and 
C, respectively, for more information on DECnet and VINES. 


Access Lists Overview 


This section presents an overview of access lists, including where and when they should 
be used and how they work. It also includes a discussion of wildcards in access lists and 
shows sample access list configurations. 

Recall that an access list is used to define the type of traffic that should be allowed or 
restricted from crossing a router. 


Why Use Access Lists? 

The earliest routed networks connected a modest scale of LANs and hosts. Next, the
network administrator enlarged router connections to legacy and outside partners'
networks. Increased use of the Internet brought new challenges to access control. Newer
technology, from optical backbones to broadband services and high-speed LAN
switches, increased control challenges again.
s , W,n V"? ma: h ” w r <> deny

" , Alth<>u «h other tools such .,s P L 

; , " V ' CeS ‘ ,re hc, P fu| . they often lack th, 
idmimstrators prefer. 

U ' f ° o1 for n «work control. These lists 

out r outcr interfaces Such 

> certain users or devices. Access li 

Permit or deny other features. ^ 


Figure 13-1 Access lists can be used to specify packet traffic for dialing remote sites
using dial-on-demand routing. (Figure labels: Packet Arrives; Public Switched Telephone
Network; Make DDR call for this traffic?)


designate certain packeBXpJS^*^' Pri ‘ ,ntizatl °n enables you 
• Restrict or redutv rk. - 

Identity' which packets will hr, 

This ensures that packets that are^o^vitaho rouri "S connection 

t bring up a WAN link. the communications processes dc 

Access lists also process packets for other security feature, to: 

* Provide IP traffic h 

- g the lock-and-keTfeir 55 ^ ^ danced user authent, cation 

* Identity packets for encryption 

A * *.»-»**.-** J 

initiates i WAV ° n || drn, ' lnd rou[| ng (DDR) i, e.neJR * network,n 8> the Iraf ' ■ 

this traffir WAN l5° 3 rern °te site onlv when th j • I° lume and Periodic. DDR 
as inr-r V ° U S ^ Llfy the Packets that the DDR ^ ' S traffic C ° transmit - To identify I 
address ‘a® ^ F<5r eXam P ,e n the the router will interpret <, 

fore he S ’r~? d Ser j V1Ce ° r oetwork information cnnMh"^ 0 ^ address > source network J 
^e be restricted or permit^ ‘ n cou,d b ? defined as interest,, 


call initiation, enter access list statements to identify the source and destination 
addresses and choose specific protocol selection criteria for initiating the call. 

Then you establish the interfaces where the DDR call initiates. This step designates a 
dialer group. The dialer group associates the results of the access list specification of 
interesting packets to the router's interfaces for dialing a WAN call. 

For DDR as well as other applications, access lists express the set of rules that give
added control for packets that enter inbound interfaces, packets that relay through the
router, and packets that exit outbound interfaces of the router. Access lists do not act
on packets that originate in the router itself. Instead, they are statements that specify
conditions for how the router will handle the traffic flow through specified interfaces.
Access lists give added control for processing the specific packets in a unique way.

The two main types of access lists are standard and extended access lists. 


Standard Access Lists 

Standard access lists for IP check the source address of packets that could be routed.
The result permits or denies output for the entire IP protocol suite, based on the
network/subnet/host address.


Extended Access Lists 

Extended access lists check for both source and destination packet addresses. They also 
can check for specific protocols, port numbers, and other parameters, which allows 
administrators more flexibility to describe what checking the access list will do. Packets 
can be permitted or denied output based on where the packet originated and on its 
destination. 


Figure 13-2 With an extended access list, packets coming in E0 are checked for source
address, destination address, and protocol. (Figure labels: Standard Access List
Processing; E0, Incoming Packet; Does source address match?; Is protocol IP?; S0,
Outgoing Packet.)

For example, in Figure 13-2, packets coming in E0 are checked for source address,
destination address, and protocol. If the packets belong to a permitted protocol and source
and destination addresses, they are output through S0, which is grouped to the access
list. If not, they are dropped.

The extended access list also permits or denies with more granularity. For example, it
can allow electronic mail traffic from E0 to specific S0 destinations, while denying
remote logins or file transfers.

The extended access list can also match other packet header fields, for example, IP
protocol and TCP port number.

How Access Lists Work 


The beginning of the process is the same regardless of whether access lists are used: As
a packet enters an interface, the router checks its routing table to see if the packet is
routable or bridgeable, as shown in Figure 13-3. If it is neither, the packet will be
dropped. If the packet is routable, a routing table entry indicates a destination network,
some routing metric or state, and the interface to use for forwarding the packet.

Next, the router checks to see if the destination interface is grouped to an access list. If
it is not, the packet can be sent to the output buffer. For example, if the packet will use
To0 as a destination interface, and To0 has no access lists in effect, the packet uses To0
directly.


If the destination interface of the packet is grouped to an access list, the packet must be
filtered through that list. For example, suppose that an interface, E0, has been grouped
to an extended access list. The administrator used precise, logical expressions to set the
access list. Before a packet can proceed to that interface, it is tested by a combination
of access list statements associated with that interface.

Figure 13-3 The access list process.


Based on the extended access list tests, the packet can be permitted or denied. To deny
permission means to discard the packet. When discarding packets, some protocols
return a special packet that notifies the sender of the unreachable destination. For
example, an ICMP packet may be sent to indicate that the destination is unreachable.
To permit the packet means to grant it access through interface E0. The router's access
list provides effective control in denying the use of the E0 interface.

Note that E0 in this case is an outbound access list. For outbound lists, the test process
determines whether or not the packet is permitted access to the outbound interface. For
inbound lists, the test process determines whether or not the router continues
processing the packet after receiving it on an inbound interface.

A List of Tests: Deny or Permit 

Access list statements operate in sequential, logical order. They evaluate packets from 
the top down. If a packet header and access list statement match, the packet skips the 
rest of the statements. If a condition match is true, the packet is permitted or denied. 
There can be only one access list per protocol per interface. 

In Figure 13-4, for instance, by matching the first test, a packet is denied access to
destination interfaces. It will be discarded and dropped into the bit bucket. The packet is
not exposed to any access list tests that follow.

Figure 13-4 The access list statements are a sequential collection of permit or deny
conditions.


Access List Command Overview

There are two general elements of access list configuration commands:

1. The access list process contains global statements:

Router(config)#access-list access-list-number {permit | deny}
{test conditions}

• This global statement identifies the access list, usually an access list number.
This number refers to the type of access list this will be. In Cisco IOS
Release 11.2 or later, access lists for IP may also use an access list name
rather than a number.

• The permit or deny term in the global access list statement indicates how
packets that meet the test conditions will be handled by Cisco IOS software.
Permit usually means the packet will be allowed to use one or more
interfaces you will specify later.

• The final term or terms specifies the test conditions used by this access list
statement. The test can be as simple as checking for a single source address

(Figure 13-4 labels: Packets to Interface(s) in the Access Group; Match First Test?;
Match Next Test(s); Match Last Test?; Permit; Destination Interface(s); Implicit Deny;
Packet Discard Bucket.)


itement Assume a d ff “"‘“'T test will it drop to the next 

it ^he permitted of ' ^ parameter5 ™ tch *e next test, a per 

it. 1 he permitted packet proceeds to the destination interface. ^ 

'the next ac ^ COnditions of the »«« or second test but does match 
the next access list statement; again, a permit results. 

tccess fisr S /\ ? n atces * must have conditions that test true for all pack- 
d not test rrup 1 ^!^ Sta [ emenr covers all packets for which preceding 
is denv ft i| S j C P at 'kets match the final test condition. The final 
fj - ’ ° en , Ca e 3n J m pHcit deny because it does not actually appear 

XSXt XX - - - »I"— ■" r-":; 


Access lists can control most protocols on a Cisco router. Table 13-1 shows the
protocols and number ranges of the access list types covered in this chapter.

Table 13-1 Access list protocols and number ranges.

Access List Type      Number Range/Identifier
IP
  Standard            1-99
  Extended            100-199
Standard
Extended
SAP filters
An administrator enters a number in the protocol number range as the first argument
of the global access list statement. The router identifies which access list software to use
based on this numbered entry. Access list test conditions follow as arguments. These
arguments specify tests according to the rules of the given protocol suite. The meaning
or validity of the standard and extended identification scheme for access lists varies by
protocol.


Testing Packets with IP Access Lists 

For TCP/IP packet filters, Cisco IOS access lists check the packet and upper-layer 
headers, as shown in Figure 13-5. 


Figure 13-5 Access lists can check the packet's source address, destination address, or
upper-layer port numbers. (Figure labels: Frame Header (for example, HDLC); Packet
(IP header); Segment (for example, TCP header).)

CAUTION

Exceptions to the numbering classification scheme include AppleTalk and
the same number range can identify various access list types. For the mo
ranges do not overlap between different protocols.

Banyan VINES is the notable exception. Its number ranges 1 to 100 and '
with the single server and clients node group in each logical network. Nu
ranges will not conflict with IP access list numbers because the administrator
command: vines access-list. More on this point appears in Appendix C.

(Figure 13-5 labels: Protocol; Source Address; Destination Address; Port Number; Use
access list statements 1-99 or 100-199 to test the packet; Permit.)


Many access lists are possible for a protocol. Select a different number from the
protocol number range for each new access list; however, the administrator can specify only
one access list per protocol per interface.

Number ranges generally allow 100 different access lists per type of protocol. When a
given 100-number range designates a standard access list, the rule is that the next
100-number range is for extended access lists for that protocol.

For example, access lists can check the packet for:

• Source IP addresses using standard access lists; identify these with a number in
the range 1 to 99

• Destination and source IP addresses or specific protocols using extended access
lists; identify these with a number in the range 100 to 199

• Upper-level TCP or UDP port numbers in addition to the other tests in
extended access lists; also identify these with a number in the range 100 to 199


For all these TCP/IP access lists, after a packet is checked for a match with the access 
list statement, it can be denied or permitted to use an interface in the access group. 


Key Concepts for IP Access Lists 

Create access lists using the normal global router configuration process. 

Specifying an access list number from 1 to 99 instructs the router to accept standard IP 
access list statements. Specifying an access list number from 100 to 199 instructs the 
router to accept extended IP access list statements. 


TCP/IP Access Lists

This section focuses on TCP/IP standard, extended, and named access lists. It concludes
with three access list examples.
Figure 13-6 Wildcard masking uses 1s and 0s to identify how to treat IP address bits.
(Figure label: do not check address (ignore bits in octet).)
The administrator must carefully decide specific access controls logically and order
statements to achieve intended controls. Permitted protocols must be specified
other TCP/IP protocols are denied.

Select which IP protocols to check. Any other IP protocols are not checked. Later in the
procedure, the administrator can also specify an optional destination port for
granularity.

Address filtering occurs using access list address wildcard masking to identify how to
check or ignore corresponding IP address bits (0=check, 1=ignore). The next section
examines how to use wildcard mask bits in access lists.

How to Use Wildcard Mask Bits 

IP access lists use wildcard masking to identify single or multiple IP addresses for permit
or deny tests. A wildcard mask is paired with an IP address and uses the numbers 1 and
0 to identify how to treat the corresponding IP address bits (see Figure 13-6):

• A wildcard mask bit 0 means "check the corresponding bit value in the IP
address."

• A wildcard mask bit 1 means "do not check (ignore) the corresponding bit
value in the IP address."


Although both are 32-bit quantities, wildcard masks and IP subnet masks operate
differently. Recall that the zeros and ones in a subnet mask determine the network, subnet,
and host portions of the corresponding IP address. The zeros and ones in a wildcard
mask, as just noted, determine if the corresponding bits in the IP address should be
checked or ignored for access list purposes.

The term wildcard masking is a nickname for the access list mask-bit-matching process.
This nickname comes from an analogy of a wildcard that matches any other card in a
poker game.

You've seen how the zero and one bits in an access list wildcard mask cause the access
list to either check or ignore the corresponding bit in the IP address. In Figure 13-7, this
wildcard masking process is applied.


(Figure 13-6 labels: Octet bit position and address value for bit: 128 64 32 16 8 4 2 1;
Examples: check all address bits (match all).)

Figure 13-7 Using wildcard mask 0.0.15.255.

(Figure 13-6 example labels: ignore last 6 address bits; ignore last 4 address bits; check
last 2 address bits.)

An administrator wants to test an IP address for subnets that will be permitted or
denied. Assume the IP address is Class B (the first two octets are the network number)
with eight bits of subnetting (the third octet is for subnets). The administrator wants to
use IP wildcard masking bits to match subnets 172.30.16.0 to 172.30.31.0. Here is how
to use the wildcard mask to do this:

• To begin, the wildcard mask will check the first two octets (172.30) using
corresponding zero bits in the wildcard mask.

‘ SSiSS'T!* •"» 'D WIN no, be 
using corresponding one bit, in the wildcard mask. ,he final 0CT « 

using corresponding zero bits in the wildcard mask 8 ^ ° ff 

S “*l T* -** 

corresponding wildcard bits will be ones. ' '■ ,rv lr bm.ov 1. and the 

172.30.31.0. The wildcard mask will not match any other subnets.

Matching Any IP Address 

“5 b “- - *— ^r 

abbreviation words reduce how manv nnmhV a ““ abbreviatlon words. These 
enter while configuring address test conditions On" W ' n ** t0 

viation instead of a long wildcard mask string 

will be permitted 0 in an accesTfist 2“ alThown'm Figur^l 3 7 addreSS 

bits for this address would be all ones (’that Is, 255.255 W ' <fcard mask 

2n TV 0 C ° mm —« condi- 

administrator can use the word any 255 ' 255 ^^ 
Figure 13-8 This abbreviation means ignore any bit value in all bit positions, which has
the effect of matching anything in all bit positions.

Matching a Specific IP Host Address 

A second common condition in which Cisco IOS software will permit an abbreviation
term in the extended access list wildcard mask is when the administrator wants to
match all the bits of an entire IP host address, as shown in Figure 13-9.

Figure 13-9 This abbreviation means check the bit value in all bit positions, which has
the effect of matching only the specified IP host address in all bit positions. (Figure
labels: Test conditions: Check all the address bits (must match all); An IP host address,
for example 172.30.16.29 (check all bits; all bits must match); Wildcard mask: 0.0.0.0.)

(Figure 13-8 labels: Test conditions: Ignore all the address bits (match any); Any IP
address 0.0.0.0; Wildcard mask: 255.255.255.255 (ignore all).)


Consider a network administrator who wants to specify that a specific IP host address
will be denied in an access list test. To indicate a host IP address, the administrator
would enter the full address, for example, 172.30.16.29. Then, to indicate that the
access list should check all the bits in the address, the corresponding wildcard mask bits
for this address would be all zeros; that is, 0.0.0.0.

The administrator can use the abbreviation host to communicate this same test
condition to Cisco IOS access list software. In the example, instead of typing 172.30.16.29
0.0.0.0, the administrator can use the string host 172.30.16.29.
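The wildcard bit rule from this section (0 = check, 1 = ignore), together with the any and host abbreviations, as an added Python example; it is not from the book and is not Cisco IOS code. The function names are illustrative, the test addresses are constructed, and the last two checks go slightly beyond the text by showing what happens when a subnet mask is entered where a wildcard mask belongs.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_condition(text):
    """Turn an address test condition into (address, wildcard) integers.

    Handles the three forms described in this section:
      any                     same as 0.0.0.0 255.255.255.255
      host 172.30.16.29       same as 172.30.16.29 0.0.0.0
      172.30.16.0 0.0.15.255  explicit address and wildcard mask
    """
    parts = text.split()
    if parts == ["any"]:
        return 0, MASK32
    if len(parts) == 2 and parts[0] == "host":
        return to_int(parts[1]), 0
    if len(parts) == 2:
        return to_int(parts[0]), to_int(parts[1])
    raise ValueError(f"unrecognized test condition: {text!r}")


def matches(packet_addr, condition):
    """True if packet_addr agrees with the condition on every checked bit."""
    addr, wildcard = parse_condition(condition)
    checked = ~wildcard & MASK32      # wildcard 0 bits are the checked bits
    return ((to_int(packet_addr) ^ addr) & checked) == 0


def matched_subnets(condition, network="172.30"):
    """Third-octet values N for which network.N.0 matches the condition."""
    return [n for n in range(256) if matches(f"{network}.{n}.0", condition)]


def wildcard_for_subnet_mask(mask):
    """Wildcard mask that checks exactly the bits a subnet mask covers."""
    return str(ipaddress.IPv4Address(~to_int(mask) & MASK32))


if __name__ == "__main__":
    cond = "172.30.16.0 0.0.15.255"
    print(cond, "matches subnets", matched_subnets(cond))
    # Address bits in ignored positions do not matter: 20 and 16 differ only
    # in the low four bits of the third octet, which this mask ignores.
    print(matched_subnets("172.30.20.0 0.0.15.255") == matched_subnets(cond))
    # A subnet mask typed where a wildcard mask belongs checks the wrong bits:
    # only the low 12 bits are compared, so an unrelated network matches.
    print(matches("10.9.0.0", "172.30.16.0 255.255.240.0"))
    print(wildcard_for_subnet_mask("255.255.240.0"))
```
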


IP Standard Access Configuration

— - -» » . —b* fife, n , of i 

*&ZZ! -- 1 

-fee d» parameters anj fep™* fe« *, following ^ 

' ?r,tr^' d '- ife - *• » «** -a entry belong . niln ,fe, 

’ address. “ *» entry allows o, block, traffic from rhe specified 

for a “ jhb ""-'""n 

Only one «cjllarpor-pS£;SSTk 

fioa t ee(confip)«ip ^ 

"" » —« *» % «-* b «e the following mea„i„g, : 


• S *.„,e*r-I„dic.,« the nomber o„b, acre,, II,, ,o be linked ,„ , hi . 


Example 1: Permit My Network Only

source network 172.S.O ^ fr ° m 

1 /i - 16 - 0 ' 0 network traffic is blocked. 


Figure 13-10 Permitting traffic from 172.16.0.0 to pass.

access-list 1 permit 172.16.0.0 0.0.255.255
(implicit deny all - not visible in the list)
(access-list 1 deny 0.0.0.0 255.255.255.255)

interface ethernet 0
ip access-group 1 out
interface ethernet 1
ip access-group 1 out

In the figure, the parameters of the access-list command are as follows: 

• 1—Access list number; indicates this is a standard list. 

• permit—Traffic that matches selected parameters will be forwarded. 

• 172.16.0.0—IP address that will be used with the wildcard mask to identify the 
source network. 

• 0.0.255.255—Wildcard mask; 0s indicate positions that must match, and 1s
indicate "don't care" positions.

Also in Figure 13-10, the command ip access-group 1 out links the access list 1 to an 
outgoing interface. 

To remove an access list, first enter the no access-group command with all of its set 
parameters, and then enter the no access-list command with all of its set parameters. 

Example 2: Deny a Specific Host 

Figure 13-11 depicts a sample access list to block traffic from a specific address. 

This access list is designed to block traffic from a specific address, 172.16.4.13, and to 
allow all other traffic to be forwarded on interface Ethernet 0. The first access-list 
Figure 13-11 Denying a specific host.

maTaaoT^h d | ny Par3meter r ° deny traffic f 

;° Uter aSSUm « - imSi7mask S the reSt f ° —hT^rs" f£!t£? ^ add -‘ 

,n the second access-list rn , ° m,tted ’ the 

tenus,firtt n k".^ n ( ;J^^;; affit from a^y IP address/wildcard 

,nj - not ™" h ,t ' fc -»' *0 *„ 

match the second one 

^/«. 0 .„, aSwcS . iS((/>w 

F'gure 13-12 depicts an access list r M , 

™- *«« »« » designed 

has been used for the IP 
where the parameters and keywords have the following meanings:

• access-list-number —Indicates the number of the access list to be linked to this
interface.

• in | out —Selects whether the access list is applied to the incoming or outgoing
interface. If in or out is not specified, out is the default.


The acetT 00 ^ ^ C °^9Ur ati 

^er. The ” co ^m a „ d Cr 9 ° rat 'On 

s ter(Conf i9)* ac S J COnd >tion stir 

source Cce ss-i ic . tate ment 

lest »bli,h rCe mas/ r (test * CCess -Hst n J c °uip/ e JH 

-here the „ ' U ° n «su2 m * r fP*r«t , . 

Parameters 3nd fc U ° n ■—* ,o Pe ‘ r £» »r ot ft 

■ r— «rep,e CP , tv ■ -»■*»»» ■» * 


• p r " *' '""V.»«, " r " K '*> » 

{ 0r Sample u 1 tr affic m 4 '’ no feq Ul /i 

Tc ■ , e ’ has .Art- , . t0 pass if „ , c Vua/> 

T/,e 'P access „ b,fs P ' 1cfe « uses <ln 

fettoan 

* r, "» " ,,u *. j 

«.: „„„ 


Remember that only one access list per port per protocol is allowed.

Example 1: Deny FTP for E0

Figure 13-13 shows an extended access list that blocks FTP traffic 


Figure 13-13 An access list for a specific upper-layer application. (Figure labels:
172.16.3.0; 172.16.0.0; 172.16.4.0.)

access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
access-list 101 permit ip 172.16.4.0 0.0.0.255 0.0.0.0 255.255.255.255
(implicit deny all)
(access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255)

interface ethernet 0
ip access-group 101 out
The permit statement allows tnffi - (

• ^y-rZZl', 1“ ,P "»• 

• tc P—Transport-layer pro ,« 0 ,. ^ 

• 172.16.4.0 and 0.0.0 255_c 

• Z'i-ZT, b “' ,b ' la —~ - 1** ** *» 

. ea20 , , <<n°wn port number for FTP. 

1-»-5p«o*«s*eo.e,H n „o, porlnmW 

Tkraffecrofrkeinrerfaeepo^^ , 

outg oing p„ rt interface E0. 8r ° Up 101 com ™nd is to link access list 101 to 

Example 2: Deny Only Telnet out of E0; Permit All Other Traffic

Figure 13-14 shows another extended access list

Figure 13-14 An extended access list can deny specific protocol traffic from one source.

This example denies Telnet traffic (eq 23) from 172.16.4.0 being sent out interface E0.
All IP traffic from any other source to any destination is permitted, as indicated by the
keywords any any. Interface E0 is configured with the ip access-group 101 out
command; that is, access list 101 is linked to outgoing port interface E0.
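The top-down, first-match processing and the implicit deny, applied to access list 101 from Example 1 (Deny FTP for E0), as an added Python example; it is not from the book and is not Cisco IOS code. The parser handles only the statement form used in that example, the helper names are illustrative, and the sample packets are constructed. It also reports statements that can never decide a packet, which is what happens if the permit statement is moved to the top of the list.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

# Access list 101 from Example 1 (Deny FTP for E0), as printed in the chapter.
ACL_101 = """\
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
access-list 101 permit ip 172.16.4.0 0.0.0.255 0.0.0.0 255.255.255.255
"""


def ip(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse(text):
    """Parse 'access-list N {permit|deny} proto src swild dst dwild [eq port]'."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        ok = len(f) in (8, 10) and f[0] == "access-list" and f[2] in ("permit", "deny")
        if not ok or (len(f) == 10 and f[8] != "eq"):
            raise ValueError(f"unsupported statement: {line!r}")
        rules.append({
            "action": f[2], "proto": f[3],
            "src": ip(f[4]), "swild": ip(f[5]),
            "dst": ip(f[6]), "dwild": ip(f[7]),
            "port": int(f[9]) if len(f) == 10 else None,
        })
    return rules


def wild_match(addr, base, wild):
    """Compare only the bits whose wildcard mask bit is 0."""
    return ((addr ^ base) & ~wild & MASK32) == 0


def rule_matches(rule, pkt):
    return (rule["proto"] in ("ip", pkt["proto"])
            and wild_match(ip(pkt["src"]), rule["src"], rule["swild"])
            and wild_match(ip(pkt["dst"]), rule["dst"], rule["dwild"])
            and rule["port"] in (None, pkt.get("dport")))


def evaluate(rules, pkt):
    """Top-down, first match wins. Returns (action, statement index);
    index None means nothing matched and the implicit deny applied."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule["action"], i
    return "deny", None


def covers(early, late):
    """True if every packet matching `late` also matches `early`."""
    def field(a_e, w_e, a_l, w_l):
        # early must ignore every bit late ignores, and agree on what it checks
        return (w_e | w_l) == w_e and ((a_e ^ a_l) & ~w_e & MASK32) == 0
    return (early["proto"] in ("ip", late["proto"])
            and field(early["src"], early["swild"], late["src"], late["swild"])
            and field(early["dst"], early["dwild"], late["dst"], late["dwild"])
            and early["port"] in (None, late["port"]))


def shadowed(rules):
    """Indexes of statements that can never be the deciding match."""
    return [j for j in range(len(rules))
            if any(covers(rules[i], rules[j]) for i in range(j))]


# Constructed sample packets (not from the book).
FTP_CONTROL = {"proto": "tcp", "src": "172.16.4.13", "dst": "172.16.3.5", "dport": 21}
TELNET = {"proto": "tcp", "src": "172.16.4.13", "dst": "172.16.3.5", "dport": 23}
OTHER_SUBNET = {"proto": "tcp", "src": "172.16.5.9", "dst": "172.16.3.5", "dport": 23}

if __name__ == "__main__":
    rules = parse(ACL_101)
    for name, pkt in (("ftp", FTP_CONTROL), ("telnet", TELNET), ("other", OTHER_SUBNET)):
        print(name, evaluate(rules, pkt))
    reordered = rules[2:] + rules[:2]      # permit statement moved to the top
    print("reordered:", evaluate(reordered, FTP_CONTROL), shadowed(reordered))
```
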

Named Access Lists 

Named access lists allow IP simple and extended access lists to be identified with an 
alphanumeric string (name) instead of the current numeric (1 to 199) representation. 

With prior numbered IP access list statements, an administrator wanting to alter an 
access list first would be required to delete all the statements in the numbered access list. 
This deletion uses the word no preceding each statement. 

Named IP access lists can be used to delete individual entries from a specific access list.
Deleting individual entries enables you to modify your access lists without deleting and
then reconfiguring them. Use named IP access lists when:

• You want to identify access lists intuitively using an alphanumeric name.

• You have more than 99 simple and 100 extended access control lists to be
configured in a router for a given protocol.

Consider the following before implementing named IP access lists: 

• Named IP access lists are not compatible with Cisco IOS releases prior to 
Release 11.2. 

• You cannot use the same name for multiple access lists. In addition, access lists 
of different types cannot have the same name. For example, it is illegal to 
specify a standard access control list named “George” and an extended access 
control list with the same name. 


Most of the commonly used IP access list commands accept named IP access lists. 

The following commands can be used to define named IP address lists. To name the
access list, use the following command:

Router(config)#ip access-list {standard | extended} name

In access-list configuration mode, specify one or more conditions allowed or denied.
This determines if the packet is passed or dropped:

Router(config {std- | ext-}nacl)#
deny {source [source-wildcard] | any}
permit {source [source-wildcard] | any}

extended ,ist njme d Inrernet_filter and an 

interface Ethernet 0/5
ip address 2.0.5.1 255.255.255.0
ip access-group Internet_filter out
ip access-group marketing_group in

ip access-list standard Internet_filter
permit 1.2.3.4
deny any

ip access-list extended marketing_group
permit tcp any 171.69.0.0 0.0.255.255 eq telnet
deny tcp any any
permit icmp any any
deny udp any 171.69.0.0 0.0.255.255 lt 1024
deny ip any any log

To activate the named access list on an interface, use the following command:

Router(config-if)#ip access-group {name | 1-199 {in | out}}

The following is a configuration output example:

ip access-list extended come_on
permit tcp any 171.69.0.0 0.0.255.255 eq telnet
deny tcp any any
permit icmp any any
deny udp any 171.69.0.0 0.0.255.255 lt 1024
deny ip any any

interface Ethernet 0/5
ip address 2.0.5.1 255.255.255.0
ip access-group over_and_out out
ip access-group come_on in

ip access-list standard over_and_out
permit 1.2.3.4
deny any
Where to Place IP Access Lists

Access lists are used to control traffic by filtering and eliminating unwanted packets.
Where the administrator places an access list statement can reduce unnecessary traffic.
Traffic that will be denied at a remote destination should not use network resources
along the route to that destination.

Suppose an enterprise's policy aims at denying Token Ring traffic on router A to the
switched Ethernet LAN on router D's E1 port, as shown in Figure 13-15. At the same
time, other traffic must be permitted. Several approaches can accomplish this policy.



Figure 13-15 Place standard access lists close to the destination; place extended access
lists close to the source.

The recommended approach uses an extended access list. It specifies both source and
destination addresses. Place this extended access list in router A. Then packets do not
cross router A's Ethernet, do not cross the serial interfaces of routers B and C, and do
not enter router D. Traffic with different source and destination addresses can still be
permitted.

The rule possible with extended access lists is to put the extended access list as close as
possible to the source of the traffic denied.

Standard access lists do not specify destination addresses. The administrator would
have to put the standard access list as near the destination as possible. For example, in
Figure 13-15, place an access list on E0 of router D to prevent traffic from router A.


Verifying Access Lists 

The show ip interface command displays IP interface information and indicates if any 
access lists are set. Figure 13-16 shows the result of the show ip interface command. 








Figure 13-16 This show ip interface output indicates that only an outgoing access list is
set.

Router#show ip interface
Ethernet 0 is up, line protocol is up
Internet address is 192.54.222.2, subnet rr
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is 192.52.71.4
Secondary address 131.192.115.2, subnet mask 255.255.255.0
Outgoing access list 10 is set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
Gateway Discovery is disabled
IP accounting is disabled
TCP/IP header compression is disabled
Routed 6 Pr ° Xy r6plleS are disabled


Novell IPX Access Lists 

Cisc^routeTs'tar't'wlth'testing pTke^utng'lccesTl^. ^ thrOU8 ' 
Figure 13-17 Use the show access-lists command to view all blocked or permitted traffic.


Testing Packets Using Novell Access Lists 

For the Novell IPX packet filters covered in this chapter, Cisco IOS access lists check the 
packet header for: 

• Destination and source IPX addresses using standard access lists; identify these 
lists with a number in the range 800 to 899, as shown in Figure 13-18. 

• Service advertisement numbers in addition to the other tests in SAP filter access 
lists; identify these lists with a number in the range 1000 to 1099. 

For all these Novell IPX access lists, after a packet is checked for a match with the access 
list statement, it can be denied or permitted use of an interface in the access group. 
(Cisco IOS software offers several other forms of access lists for Novell IPX packets. 
Refer to www.cisco.com for more information.) 


Key Concepts for IPX Access Lists 

Novell addressing is based on the network.node.socket format. The network number is
assigned by the administrator; the node portion is derived from the MAC address of the
individual interface. Serial lines adopt the MAC address of another interface in the
creation of their logical addresses. The socket number refers to a process or application
(somewhat like the TCP segment).












Figure 13-18 You can use access lists to filter IPX traffic from a specific source or
service. (Figure labels: Frame Header (for example, novell-ether); Packet (IPX header);
Permit.)

For example, AABB0001.00001B03AC33.0452 can be interpreted as follows:

• AABB0001 is the network address.

• 00001B03AC33 is the node address.

• 0452 is the socket number.

The IPX network numbers assigned on a Cisco router's interfaces must be unique and
consistent with the network numbers known to the file server.

IPX standard access lists use numbers in the range 800 to 899. A wildcard mask
operates like the mask used with IP addresses.

SAP filters use numbers in the range 1000 to 1099.

For example, access lists can control Get Nearest Server (GNS) and Routing
Information Protocol (RIP) traffic.

Controlling IPX Overhead

IPX routing and advertising processes were developed to run on LANs. As LANs
interconnect with slower, more costly WAN links, as in Figure 13-19, overhead from IPX
control packets can reduce the bandwidth available for user applications traffic. IPX
servers broadcast service advertising (SAPs) details every 60 seconds.




Routers broadcast routing information and metrics to other IPX routers. Figure 13-19 
shows four IPX networks and multiple servers that advertise routes and services. 

When a client workstation starts up, it sends its own SAP broadcast to find a server; 
then from the nearest server, the client can log in to a target server and run network 
applications from network drives. 

When packets from these protocols are unwanted, a network administrator can set up 
IPX access lists. With the standard access lists in this chapter, the permit/deny filtering 
acts on all IPX packets for the interface addresses. 


Figure 13-19: Frequent updates reduce the bandwidth available for user traffic.
Use the access-list command to filter traffic in an IPX network. Using filters restricts
different protocols and applications on networks. The complete form of the access-list
command is:

Router(config)#access-list access-list-number {deny | permit} source-network[.source-node] [source-node-mask] [destination-network] [.destination-node] [destination-node-mask]

The parameters and keywords have the following meanings:

• access-list-number—Number of the access list. This is a decimal number from
800 to 899.

• deny—Denies access if the conditions are matched.

• permit—Permits access if the conditions are matched.

• source-network—Number of the network from which the packet is being sent. A
network number of 0 matches the local network. A network number of -1 matches all
networks. You need not specify leading zeros in the network number; for
example, for the network number 000000AA, you can enter just AA.

• source-node (Optional)—Node on source network from which the packet is
being sent.

• source-node-mask (Optional)—Mask to be applied to source node. This is a
48-bit value represented as a dotted triplet of four-digit hexadecimal numbers
(xxxx.xxxx.xxxx). Place 1s in the bit positions you want to mask.

• destination-network (Optional)—Number of the network to which the packet
is being sent. This is an eight-digit hexadecimal number that uniquely identifies
a network cable segment. It can be a number in the range 1 to FFFFFFFE. A
network number of 0 matches the local network. A network number of -1
matches all networks. You need not specify leading zeros in the network
number; for example, for the network number 000000AA, you can enter just AA.

• destination-node (Optional)—Node on destination network to which the
packet is being sent. This is a 48-bit value represented by a dotted triplet of
four-digit hexadecimal numbers (xxxx.xxxx.xxxx).

• destination-node-mask (Optional)—Mask to be applied to destination node.
This is a 48-bit value represented as a dotted triplet of four-digit hexadecimal
numbers (xxxx.xxxx.xxxx). Place 1s in the bit positions you want to mask.

Use the ipx access-group command to link an IPX traffic filter to an interface, as
follows:

Router(config-if)#ipx access-group access-list-number [in | out]

where access-list-number is a specific IPX filter list from 800 to 899.


Standard IPX Access List Example 

Figure 13-20 shows an access list permitting IPX traffic from network 2b destined for
network 4d to be forwarded out Ethernet0.


Figure 13-20: A sample standard access list for IPX. (Figure labels: Client, Server.)

ipx routing
access-list 800 permit 2b 4d
(implicit deny all)
int e 0
 ipx network 4d
 ipx access-group 800 out
int e 1
 ipx network 2b
int e 2
 ipx network 3c


Details of the access-list 800 command in Figure 13-21 are as follows:

• 800—Specifies a Novell IPX standard access list

• permit—Traffic matching the selected parameters will be forwarded

• 2b—Source network number

• 4d—Destination network number

• (implicit deny all)—Not a valid configuration command, just a reminder that
access lists filter traffic not specified to be forwarded

Interface E0 is configured with the ipx access-group 800 out command; that is, access
list 800 is linked to outgoing interface E0.

The access list is applied to an outgoing interface and filters outbound packets. Notice
that the other interfaces, E1 and E2, are not subject to the access list; they lack the access
group statement to link them to the access list 800.

IPX Extended Access List Configuration 

To define an extended Novell IPX access list, use the extended version of the access list 
global configuration command. Extended IPX access lists filter on protocol type with 
all other parameters being optional. For some versions of NetWare, the protocol type 
field is not a reliable indicator of the type of packet encapsulated by the IPX header. In 
these cases, use the source and destination socket fields to make this determination. 

The complete form of the IPX extended access list command is: 

Router(config)#access-list access-list-number {deny | permit} novell-protocol source-network.[source-address [source-mask]] [source-socket] destination-network.[destination-address [destination-mask]] [destination-socket] [log]

Some of the parameters shown in this access list were covered earlier in the discussion
of standard access lists. Following are the meanings of the new parameters and
keywords:

• access-list-number—Number of the access list. This is a decimal number from
900 to 999.

• protocol—Name or number (decimal) of an IPX protocol type. This is sometimes
referred to as the packet type.

• source-socket—Socket name or number (hexadecimal) from which the packet
is being sent.

• destination-socket (Optional)—Socket name or number (hexadecimal) to which
the packet is being sent.

• log (Optional)—Logs IPX access control list violations whenever a packet
matches a particular access list entry. The information logged includes source
address, destination address, source socket, destination socket, protocol type,
and action taken (permit/deny).

Use the following command to activate the IPX extended access list on an interface:

Router(config-if)#ipx access-group access-list-number [in | out]

Normal IPX SAP Operation 

SAP broadcasts synchronize the list of available services. The NetWare file server acts 
like an IPX router. The Cisco router acts like a SAP server. 

If the router passed a SAP every time it received one, the WAN link would be flooded 
with SAP traffic. The router will not forward SAP broadcasts. 

Instead, both file servers and routers listen to SAP messages and build a SAP table, as
shown in Figure 13-21. All devices that build SAP tables advertise this information
every 60 seconds.



Figure 13-21: In normal IPX SAP operations, the router does not forward SAP broadcasts;
instead, devices build SAP tables and advertise the information.
... considerable overhead, because all these servers and routers send their own
complete SAP table every 60 seconds. Over a WAN link (Cisco to Cisco), the 60-second
SAP interval can be changed. However, other IPX devices may not tolerate the interval
change. For interfacing with these other devices, you may need to leave the SAP
interval at 60 seconds.

To change the SAP update interval, use the command:

ipx sap-interval interval

The interval between SAP updates sent by the router is specified in minutes. The
default value is 1 minute. If interval is 0, periodic updates are never sent.

How to Use SAP Filters 

You must carefully plan for SAP filtering before configuring it. Make sure that all clients
can see the advertisements necessary for application processing. You will need to enter
the SAP filters in all routers in which you want them to operate. Table 13-2 lists the
most common SAP numbers.


Table 13-2: Commonly used SAP numbers.

SAP Number    Server Type
4             NetWare file server
7             Print server
278           NetWare directory server

Place SAP filters close to the source. Proper placement of SAP filters conserves critical
bandwidth, especially on serial links.

The following list provides an example of SAP filter goals: 

deny type 7 (print server) SAP from 2a 

deny type 98 (access server) SAP from 5b 

deny type 24 (router) SAP to 7c 

deny type 4 (file server) SAP from 4a 

deny type 26a (NMS) 

deny type 7a (NetWare for VMS) from *8 


permit the remaining SAPs 
When a SAP advertisement arrives at the router interface, the contents are placed in the
SAP table portion of main memory. The contents of the table are propagated during the 
next SAP update. 

Figure 13-22 shows the two types of access list filters that control SAP traffic, listed here: 

• IPX input SAP filter. When a SAP input filter is in place, the number of services
entered into the SAP table is reduced. The propagated SAP updates represent
the entire table but contain only a subset of all services. Use this type of filter
when you want to reduce the size of the SAP table.

• IPX output SAP filter. When a SAP output filter is in place, the number of 
services propagated from the table is reduced. The propagated SAP updates 
represent a portion of the table contents and are a subset of all the known 
services. When you use this filter, your router still contains a list of all the 
known services. 


Input filter: Do not add filtered SAPs to SAP table

Output filter: Do not add filtered SAPs to the SAP table sent


SAP Filter Configuration Commands 

Use the access-list command to control propagation of the SAP messages, as follows: 

Router(config)#access-list access-list-number {deny | permit} network[.node] [network-mask node-mask] [service-type [server-name]]

Figure 13-22: You can apply the access list to the interface as an input or output SAP filter.

SAP advertisements are filtered through the access list.


(Figure labels: Network 9e, Network 1, Token Ring, Network 3d, Network 4a.)

access-list 1000 deny 9e.1234.5678.1212 4
access-list 1000 permit -1
interface ethernet 0
 ipx network 9e
interface ethernet 1
 ipx network 4a
interface serial 0
 ipx network 1
 ipx output-sap-filter 1000


9e.1234.5678.1212—Source network address of SAP advertisement 
4—Type of SAP service; advertises file service 


Details of the access-list 1000 permit -1 command are as follows: 


1000—Access list number 


permit—SAP services matching parameters will be forwarded 
-1—Source network number; -1 means all networks 


The ipx output-sap-filter 1000 command places list 1000 on interface S0 as an output
SAP filter. By applying the list on an outgoing interface, you can restrict the
advertisements onto the serial link. It is preferable to restrict traffic at the point closest
to the source.

Server C in Figure 13-23 is in the upper-left corner. Specifically, network 9e is the source
with a MAC address ending in 1212. The complete identifier for the server is
9e.1234.5678.1212. The value 4 at the end of the first line of the access list identifies the
type of service. This value indicates a file server SAP advertisement. So the complete line
denies file service advertisements, from server 9e.1234.5678.1212, out of the router.

The access-list 1000 permit -1 command allows all other advertisements to propagate 
onto the serial line. 







Example 2: SAP Filtering on Input 



In Figure 13-24, print server advertisements from Servers A and B are not entered
into the SAP table. All other SAP services from any source will be added to the SAP
table. Note that the first line of the access list specifies service type ... also the
ipx input-sap-filter 1001 command, which places list 1001 ... as an input SAP filter.

This access list will not allow print server information from servers A and B into the
local SAP table.
(Figure labels: Network 9e, Network 7f, Network 1, Network 3d, Network 4a.)



access-list 1001 deny 3d
access-list 1001 permit -1
interface ethernet 0
 ipx network 9e
interface ethernet 1
 ipx network 4a
interface serial 0
 ipx network 1
 ipx input-sap-filter 1001
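
The output-filter and input-filter examples above can be compared with a small model of how a router evaluates a SAP filter list. This is an added example, not Cisco code and not part of the original text: list 1000 is taken from Example 1, while list 1001, the server names, and the node address on network 4a are constructed for illustration, and masks and server names in filter statements are not modelled.

```python
from dataclasses import dataclass
from typing import List, Optional

ANY_NETWORK = -1  # "-1" in an access list statement matches all networks


@dataclass(frozen=True)
class Sap:
    """One service carried in a SAP advertisement."""
    network: int       # IPX network number
    node: str          # node address, xxxx.xxxx.xxxx
    service_type: int  # SAP number, e.g. 0x4 file server, 0x7 print server
    name: str


@dataclass(frozen=True)
class Rule:
    permit: bool
    network: int
    node: Optional[str]          # None matches any node on the network
    service_type: Optional[int]  # None matches any service type

    def matches(self, sap: Sap) -> bool:
        return (self.network in (ANY_NETWORK, sap.network)
                and self.node in (None, sap.node)
                and self.service_type in (None, sap.service_type))


def parse_rule(line: str) -> Rule:
    """Parse 'access-list N {deny|permit} network[.node] [service-type]'."""
    words = line.split()
    if len(words) not in (4, 5) or words[0] != "access-list":
        raise ValueError(f"not a SAP filter statement: {line!r}")
    if not 1000 <= int(words[1]) <= 1099:
        raise ValueError("SAP filter lists are numbered 1000 to 1099")
    if words[2] not in ("permit", "deny"):
        raise ValueError(f"expected permit or deny: {line!r}")
    network, _, node = words[3].partition(".")
    net = ANY_NETWORK if network == "-1" else int(network, 16)
    svc = int(words[4], 16) if len(words) == 5 else None
    return Rule(words[2] == "permit", net, node.lower() or None, svc)


def permitted(rules: List[Rule], sap: Sap) -> bool:
    """First matching statement decides; no match at all is the implicit deny."""
    for rule in rules:
        if rule.matches(sap):
            return rule.permit
    return False


class Router:
    """Keeps a SAP table; filters act when filling it (input) or sending it (output)."""

    def __init__(self, input_filter=None, output_filter=None):
        self.input_filter = input_filter    # None means no filter is applied
        self.output_filter = output_filter
        self.sap_table: List[Sap] = []

    def receive(self, adverts: List[Sap]) -> None:
        for sap in adverts:
            if self.input_filter is None or permitted(self.input_filter, sap):
                self.sap_table.append(sap)

    def advertise(self) -> List[Sap]:
        if self.output_filter is None:
            return list(self.sap_table)
        return [s for s in self.sap_table if permitted(self.output_filter, s)]


def names(saps: List[Sap]) -> List[str]:
    return [s.name for s in saps]


# List 1000 as shown in Example 1 of the text.
LIST_1000 = [parse_rule("access-list 1000 deny 9e.1234.5678.1212 4"),
             parse_rule("access-list 1000 permit -1")]
# Constructed list: deny print servers (type 7) from any network, permit the rest.
LIST_1001 = [parse_rule("access-list 1001 deny -1 7"),
             parse_rule("access-list 1001 permit -1")]
# Constructed advertisements; only Server C's address comes from the text.
ADVERTS = [Sap(0x9E, "1234.5678.1212", 0x4, "SERVER-C-FILE"),
           Sap(0x9E, "1234.5678.1212", 0x7, "SERVER-C-PRINT"),
           Sap(0x4A, "0000.0c12.3456", 0x4, "FILE-4A")]

if __name__ == "__main__":
    out_router = Router(output_filter=LIST_1000)
    out_router.receive(ADVERTS)
    print("output filter: table", names(out_router.sap_table),
          "sent", names(out_router.advertise()))
    in_router = Router(input_filter=LIST_1001)
    in_router.receive(ADVERTS)
    print("input filter:  table", names(in_router.sap_table),
          "sent", names(in_router.advertise()))
```

With the output filter the router still knows every service and only the update sent on the filtered interface shrinks; with the input filter the denied service never reaches the table, so it is missing from every later update.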


Verifying IPX Access Lists 

The show ipx interface command displays the configuration of the interface. Figure 13-25
shows that the input filter list is 800 and the output filter list is 801. Also in
Figure 13-25, the show access-lists command displays the contents of lists 800

Figure 13-25: Always verify IPX access lists after you configure them.

Router#show ipx interfacel/1
Ethernet 1/1 is up. line protocol is up
IPX address is 10.0000.0c0d.724f. NOVELL-ETHER [up]
Delay of this IPX network, in ticks is 1 through 0 link delay 0
IPXWAN processing not enabled on this interface.
IPX SAP update interval is 1 minute(s)
IPX type 20 propagation packet forwarding is disabled
Incoming access list is not set
Outgoing access list is not set
IPX helper access list is not set
SAP GNS processing enabled, delay 0 ms, output filter list is not set
SAP Input filter list is not set
Sap Output filter list is not set
SAP Router filter list is not set
Input filter list is 800
Output filter list is 801



Testing Packets Using AppleTalk Access Lists 

As shown in Figure 13-26, Cisco IOS access lists check the AppleTalk packet header 
for: 

• Cable range or network numbers; identify these with a number in the range 600 
to 699. 

• Zone Information Protocol (ZIP) replies; identify these also with a number in 
the range 600 to 699. (This type of access list is referred to more specifically as 
a zip-reply-filter access list.) 

After a packet is checked for a match with the access list statement, it can be denied or 
permitted use of an interface in the access group. Note that Cisco IOS software offers 
several other forms of access lists for AppleTalk packets that will not be covered in this 
chapter. 
Figure 13-27: Zones are subsets of nodes within an AppleTalk network.


Key Concepts for AppleTalk Access Lists 

A key AppleTalk concept hides network numbering from end users. End users may see
zones and resources, but numeric configuration is a hidden issue for the network
administrator.

Administrators can use AppleTalk filters to control traffic by referring to the 16-bit
network number portion of a full 24-bit address. Because the node portion is dynamically
assigned as AppleTalk nodes come up, these node numbers are not predictable for
access list entries.

Although earlier AppleTalk networks offered a single nonextended network on a single
medium, current AppleTalk uses extended addressing, which means that more than one
AppleTalk network can occupy the same physical media. Express one or more
AppleTalk networks on the medium as the cable range.

An administrator can filter an entire cable range. ZIP filters are one method for reducing 
AppleTalk zone information update distribution traffic. 
As with other access lists, an implicit deny performs the last test of the access list. In
AppleTalk, the default is to deny all other network access. The appletalk access-group 
command is used to apply the AppleTalk access lists to one or more interfaces. In addition 
to the normal implicit deny, the AppleTalk-specific access-list other-access command may 
define checks for networks or cable ranges not explicitly tested in previous statements. 

By filtering networks, the administrator can permit or prevent data packets and routing 
update packets on the specified interface. Routing updates use the AppleTalk Layer 3 
protocol Routing Table Maintenance Protocol (RTMP). 

Zone filtering is a process used in large AppleTalk networks to keep ZIP traffic to a
minimum. These access lists focus on GetZoneList (GZL) packets. GZL packets are sent by
a node to obtain a list of all the zones in the internetwork. The administrator must use
separate access list statements for zone filtering.

AppleTalk Access List Commands 

The access-list command permits or denies an entire cable range, as follows: 

Router(config)#access-list number {permit | deny} cable-range cable-range

The access-list other-access command defines the default action (permit or deny) to take
for other networks or cable ranges, as follows:

Router(config)#access-list number {permit | deny} other-access

The appletalk access-group command links the access list to one or more specified
interfaces, as follows:

Router(config)#appletalk access-group access-list-number

For nonextended AppleTalk networks, use the following access-list command:

Router(config)#access-list number {permit | deny} network network-number

In Figure 13-29, interface E1 connects to a cable that supports networks 100-105. The
network administrator wants to allow some but not all of these networks to access
interface E0. The access list shows configuration statements in router A.

The number of the access list (601) indicates that it is an AppleTalk access list. The first line
of the access list denies traffic within cable range 100-102 from being forwarded. The
second line of the access list permits traffic within the cable range 103-105 to be forwarded.

The command appletalk access-group 601 applies list 601 to interface E0 as a
cable-range filter for AppleTalk networks.
Figure 13-29: Router A's access list permits or denies access to E0 for traffic from
cable range 100-105.


Verifying AppleTalk Access Lists 

Use the show appletalk access-lists command to display the access lists that are set up
for AppleTalk. For example, the output in Figure 13-30 verifies the access lists that
permit zone information from Zone A to Zone B.

Figure 13-30: Use the show appletalk access-lists command to verify your access lists
after configuring them. (Figure label: Router B.)

Router>show appletalk access-lists 

AppleTalk access list 601: 
permit zone ZoneA 
permit zone ZoneB 
deny additional-zones 
permit network 55 
permit network 500 
permit cable-range 900-950 
deny includes 970-990 
permit within 991-995 
deny other-access 


appletalk routing 

access-list 601 deny within cable-r, 
access-list 601 permit within cable- 
interface ethernet 0 
appletalk access-group 601 


ZIP Reply Filter Configuration

Zone Information Protocol (ZIP) maintains network-number-to-zone-name mappings
in zone information tables (ZITs). Routers learn about zones by exchanging zone
information tables. As noted earlier, filtering can be done to keep ZIP traffic to a
minimum.

Use the access-list zone command to ... must use an
access list number in the number range ...

Router(config)#access-list ... zone ...
Router(config)#access-list ...

where zone-name is the name assigned ...
specifies the action to take for all ...
command.


Summary

In review, the following access lists were covered in this chapter:

• IP standard access lists (1-99)

• IP extended access lists (100-199)

• New for Cisco IOS Release 11.2, named IP access lists

• Novell IPX standard access lists (800-899)

• Novell SAP filter access lists (1000-1099)

• AppleTalk standard access lists (600-699)

• AppleTalk zone reply filter access lists (also 600-699)

In this chapter, you’ve focused on how access lists are used to implement security and
reduce unnecessary network traffic. You have looked primarily at TCP/IP, IPX/SPX, and
AppleTalk access lists. You learned how to test, configure, and verify these three kinds
of access lists. Refer to Appendixes B and C for DECnet and VINES information.
Chapter 14, “Introduction to WAN Connections,” covers WAN services using serial links
and the Point-to-Point Protocol (PPP).













Question 13.10 

What command do you issue to display the contents of an AppleTalk access list? 














Introduction to 
WAN Connections 


This chapter discusses how WANs are set up, how a user subscribes to phone services 
for the network, and what a WAN frame looks like. It also presents the Point-to-Point 
Protocol (PPP). 

WAN Services 

A WAN is different from a LAN. With a WAN, you must subscribe to an outside WAN
provider to use network resources that your organization does not own. Basic telephone
service is the most commonly used WAN service. Telephone service and data service
routed from the customer premises interface with the service provider’s cloud at a
central office (CO), as shown in Figure 14-1.

An overview of the WAN cloud organizes WAN provider services into three main types: 

• Call setup service 

• Time-division multiplexing (TDM) 

• X.25 or Frame Relay service 


Call setup service sets up and clears connections between endpoints. For example, when 
a branch office needs to exchange data with the corporate headquarters office, the call 
setup process establishes a connection between the routers on each end of the WAN 
Figure 14-1: There are three types of WAN service providers.

Figure 14-2: The provider assigns connection parameters to the subscriber.

(Figure labels: WAN Service Provider Toll Network; CO Switch; Local Loop; Demarcation;
Central Office (CO); Customer Premises Equipment; Trunks and Switches; Time-Division
Multiplexed Circuits (56/64 kbps or T1/E1); X.25/Frame Relay Networks; Point-to-point
or circuit-switched connection; Basic Telephone Service.)

The most commonly used terms for the main parts of a user-provider WAN are:

• Customer premises equipment

• Demarcation

• Local loop

• Central office switch

• Toll network

Once the connection has been established, the link ... to transfer data


Customer Premises Equipment (CPE) 

CPE devices are physically located on the subscriber’s premises. They include both
devices owned by the subscriber and devices leased to the subscriber by the service
provider. For example, terminals, telephones, and modems that connect to the provider
service are considered customer premises equipment. The WAN subscriber should know
how to interface the CPE elements to the provider service.


Demarcation 


The demarcation point (or demarc) is the juncture at which the CPE ends and the local 
loop portion of the service begins. The demarc often occurs at a telecommunication 
closet (a room containing a punch-down block of provider wiring). 
Subscriber to Provider Interface

A key interface in the customer premises occurs between the data terminal equipment
(DTE) and the data circuit-terminating equipment (DCE), as shown in Figure 14-3. The
lower portion of Figure 14-3 depicts the DTE/DCE at each endpoint of a switched
WAN.

Figure 14-3: The DTE/DCE is the point where responsibility passes from the calling
subscriber to the provider and then back to the called subscriber on the other end of
the connection.


Typically, DTE is the router where the packet switching application resides. The DCE
is the device used to convert the user data from the DTE into a form acceptable to the
WAN service’s facility. As shown in Figure 14-3, the DCE can be a modem, channel
service unit/data service unit (CSU/DSU), or Terminal Adapter/Network Termination 1
(TA/NT1).

Data communication over WANs interconnects DTEs so they can share resources over
a wide area. The WAN path between the DTEs is called the link, circuit, channel, or
line. The DCE primarily provides the interface of the DTE into the communication link
in the WAN cloud and may provide the clocking. The DTE/DCE interface acts as a
boundary where responsibility for the traffic passes between the WAN subscriber and
the WAN provider.

The DTE/DCE interface uses one of various protocols available, such as EIA/TIA 232
or X.25. These protocols establish the codes that the devices use to communicate with
each other. This communication determines how call setup operates and how user
traffic crosses the WAN.

Data switching equipment (DSE) is an additional term sometimes used to describe the 
switch components that appear inside the WAN cloud. The DSE adds and removes 
Using WAN Services with Routers

You can access three forms of WAN services with Cisco routers:
Figure 14-4 depicts these three forms of WAN service.


WAN Frame Format Summary 
Figure 14-5: These formats assume framing on dedicated WAN facilities.

LAPB, used by X.25, is derived from HDLC. HDLC is the popular ISO-standard
bit-oriented data-link protocol that encapsulates data on synchronous serial data links.
Frame Relay also uses a variation of HDLC.

HDLC does not inherently support multiprotocols on a single link because it does not 
have a standard way to indicate which protocol it is carrying. The Cisco HDLC frame 
uses a proprietary type field that acts as a protocol field, which makes it possible for 
multiple network-layer protocols to share the same serial link. 

PPP extends the basic HDLC frame by incorporating a protocol field. The protocol field 
identifies the protocol encapsulated in the information field of the frame. 
Figure 14-6: PPP can carry packets from protocol suites using Network Control Programs.

PPP Encapsulation

An Overview of PPP

Developers on the Internet designed PPP to make the connection for point-to-point
links. PPP, originally described in RFCs 1661 and ..., encapsulates network-layer
protocol information over point-to-point links. RFC 1661 is updated by RFC 2153,
PPP Vendor Extensions.

You can configure PPP on the following types of physical interfaces: 

• Asynchronous serial 

• HSSI (High-Speed Serial Interface) 

• ISDN 

• Synchronous serial 


Layering PPP Elements 

PPP uses a layered architecture, as shown in Figure 14-7. With its lower-level functions,
PPP can use:

• Synchronous physical media like those that connect ISDN

• Asynchronous physical media like those that use basic telephone service for
modem dialup connections

Figure 14-7

PPP offers a rich set of services that control setting up a data link. These services are
options in LCP and are primarily negotiation and checking frames to implement the
point-to-point controls an administrator specifies for the call.

With its higher-level functions, PPP carries packets from several network-layer
protocols in NCPs. These are functional fields containing standardized codes to indicate the
network-layer protocol type that PPP encapsulates.


(Figure 14-7 labels. Layer 3 protocols: IP, IPX. Network layer: IPCP, IPXCP, many others
(Network Control Protocol). Data link layer: PPP; authentication, other options (Link
Control Protocol). Physical layer: synchronous or asynchronous physical media.)

Packet fragmentation and sequencing, as specified in RFC 1717, splits the load for PPP
and sends fragments over parallel circuits. In some cases, this "bundle" of multilink PPP
pipes functions as a single logical link, improving throughput and reducing latency
between peer routers. RFC 1990, The PPP Multilink Protocol (MP), obsoletes RFC
1717.


... options. RFC 1548 ...

... use PPP encapsulation include the ... options shown in Table 14-1.

How It Operates

• Require a password
• Perform Challenge Handshake
• Compress data at source; reproduce data at destination
• Monitor data dropped on link
• Avoid frame looping
• Load balancing across multiple links

PPP Session Establishment

A PPP session establishment has three phases, as shown in Figure 14-8.

Figure 14-8: PPP session establishment has three phases.

1 Link Establishment Phase

2 Optional Authentication Phase

3 Network-Layer Protocol Phase
The callback server answers the initial call an
based on its configuration statements. This option i

Compression options increase the effective through
the amount of data in the frame that must travel
presses the frame at its destination.

Two compression protocols available in Cisco route

Error-detection mechanisms with PPP enable a proc
Quality and Magic Number options help ensure a n

balancing 111 and later support multilink

Balancing over the router interfaces that PPP


Phase 2: Authentication (Optional) 

After the link has been established and the authentication protocol decided on, the peer
may be authenticated. Authentication, if used, takes place before entering the
network-layer protocol phase.

PPP supports two authentication protocols: PAP and CHAP. Both of these protocols are
described in RFC 1334, PPP Authentication Protocols. However, RFC 1994, PPP
Challenge Handshake Authentication Protocol, obsoletes RFC 1334.

Phase 3: Network-Layer Protocol

In this phase, the PPP devices send NCP packets to choose and configure one or more
network-layer protocols (such as IP). After each of the chosen network-layer protocols
has been configured, datagrams from each network-layer protocol can be sent.
PPP supports protocols including IP, IPX, AppleTalk, and so on.

Selecting a PPP Authentication Protocol 

When configuring PPP authentication, you can select PAP or CHAP. In general, CHAP
is the preferred protocol.

PAP

PAP provides a simple method for a remote node to establish its identity using a
two-way handshake, as shown in Figure 14-9. PAP is done only upon initial link
establishment.


Figure 14-9: In PAP, passwords are sent in cleartext.

After the PPP link establishment phase is complete, a username/password pair is
repeatedly sent by the remote node to the router until authentication is acknowledged
or the connection is terminated.

PAP is not a strong authentication protocol. Passwords are sent across the link in
cleartext and there is no protection from playback or repeated trial-and-error attacks. (A
playback attack occurs when an analyzer captures the packets and plays them back
onto the network from another device.) The remote node is in control of the frequency
and timing of the login attempts.


-T TIPS 


Use PAP only if the device requiring authentication does not support CHAP. 


■ CHAP 

CHAP is used at the startup of a link, and periodically to verify the identity of the
remote node using a three-way handshake.

After the PPP link establishment phase is complete, the local router sends a “challenge”
message to the remote node. The remote node responds with an encrypted ID number,
a secret password, and a random number. The local router checks the response value
against its own calculation. If the values match, the authentication is acknowledged;
otherwise, the connection is terminated immediately. Figure 14-10 summarizes this
process.

Figure 14-10: CHAP uses a "secret" known only to authenticator and peer. (CHAP
3-Way Handshake.)

CHAP provides protection against playback attack through the use of a variable
challenge value that is unique and unpredictable. The use of repeated challenges is
intended to limit the time of exposure to any single attack. The local router (or a
third-party authentication server such as TACACS) is in control of the frequency and
timing of the
Use the debug ppp authentication command to display the exchange sequence as it
occurs. An example of a CHAP exchange follows:

PPP Serial 1: Send CHAP challenge id=34 to remote
PPP Serial 1: CHAP challenge from P1R2
PPP Serial 1: CHAP response received from P1R2
PPP Serial 1: CHAP response id=34 received from P1R2
PPP Serial 1: Send CHAP success id=34 to remote
PPP Serial 1: Remote passed CHAP authentication.
PPP Serial 1: Passed CHAP authentication with remote
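The difference between PAP and CHAP under a playback attempt can be shown in a few lines. The following is an added example, not code from the book or from Cisco: it models the authenticating router in Python and computes the CHAP response the way RFC 1994 specifies for MD5 (a hash over the identifier octet, the shared secret, and the challenge). The peer name RouterB, the secret cisco, and the starting identifier 34 are sample values; PPP framing is omitted.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5 over Identifier octet || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The router that received the call; `secrets` mirrors its username entries."""

    def __init__(self, secrets):
        self.secrets = secrets      # peer name -> shared secret
        self.next_id = 34           # constructed starting identifier
        self.pending = {}           # identifier -> outstanding challenge

    def new_challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)  # unique and unpredictable for every attempt
        self.pending[ident] = challenge
        return ident, challenge

    def verify_chap(self, name, ident, response):
        challenge = self.pending.pop(ident, None)   # a challenge is valid once
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)

    def verify_pap(self, name, password):
        secret = self.secrets.get(name)
        return secret is not None and hmac.compare_digest(secret, password)


def replay_demo():
    """Run one PAP and one CHAP login, then present the captured frames again."""
    auth = Authenticator({b"RouterB": b"cisco"})

    # PAP: an analyzer on the link records the name and the cleartext password.
    captured_pap = (b"RouterB", b"cisco")
    pap_replay = auth.verify_pap(*captured_pap)

    # CHAP: the analyzer records the identifier, the challenge and the response.
    ident, challenge = auth.new_challenge()
    response = chap_response(ident, b"cisco", challenge)
    legitimate = auth.verify_chap(b"RouterB", ident, response)

    # Same response against the already-answered challenge.
    stale = auth.verify_chap(b"RouterB", ident, response)

    # Same response against the next challenge the router issues.
    new_ident, _ = auth.new_challenge()
    fresh = auth.verify_chap(b"RouterB", new_ident, response)

    wire = bytes([ident]) + challenge + response
    return {
        "pap_replay_accepted": pap_replay,
        "chap_legitimate_accepted": legitimate,
        "chap_stale_replay_accepted": stale,
        "chap_fresh_challenge_replay_accepted": fresh,
        "secret_visible_in_chap_capture": b"cisco" in wire,
    }


if __name__ == "__main__":
    for key, value in replay_demo().items():
        print(f"{key}: {value}")
```

A captured challenge and response still let the secret be tested offline, so the CHAP secret should be long and random rather than a dictionary word.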


Configuring PPP Authentication 

The routers on each side of the WAN link must be configured for PPP authentication
as shown in Figure 14-11.


Figure 14-11: PPP authentication configuration commands.

Hostname: Router A, Password: cisco
Hostname: Router B, Password: cisco
Link: Dialup or Circuit-Switched Network


Authenticating Router
(The router that received the call.)

1. hostname Router A

2. username Router B password cisco

3. ppp authentication chap


Router to Be Authenticated
(The router that initiated the call.)

1. hostname Router B

2. username Router A password cisco

3. ppp authentication chap

To configure PPP authentication, do the following: 

1. On each router, define the username and | 
router. The command format is: 
• secret —On Cisco routers, the secret password must be the same for both
routers.

Add a username entry for each remote system that the local router communicates
with and requires authentication from. The remote device must also have
a username entry for the local router.

To enable the local router to respond to remote CHAP challenges, one username
name entry must be the same as the hostname name entry that has already
been assigned to your device.

2. Enter interface configuration mode for the desired interface. 

3. Configure the interface for PPP encapsulation. 

Router(config-if)#encapsulation ppp

4. Configure PPP authentication.

Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}

There are four different options available for PPP authentication: 

• CHAP only (CHAP) 

• CHAP and then PAP (CHAP PAP) 

• PAP and then CHAP (PAP CHAP) 

• PAP only 

If both PAP and CHAP are enabled, the first method specified will be requested 
during link negotiation. If the peer suggests using the second method or simply 
refuses the first method, the second method will be tried. 

The following commands can be used to simplify CHAP configuration tasks on the 
router: 

• Using the same host name on multiple routers—When you want remote users 
to think they are connecting to the same router when authenticating, configure 
the same host name on each router. 

Router(config-if)#ppp chap hostname hostname 

• Use a password to authenticate to an unknown host—To limit the number of 
username/password entries in the router, configure a password that will be sent 
to hosts that want to authenticate the router. 

Router(config-if)#ppp chap password secret 
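The configuration rules above (a username entry for the peer's host name, the same secret on both routers, and the order of methods in ppp authentication) can be checked mechanically before a link is brought up. The following is an added example, not a Cisco tool or code from the book: a small Python audit over two configuration texts. The configurations are constructed samples, and the host names RouterA and RouterB are written without spaces as an assumption.

```python
ROUTER_A = """\
hostname RouterA
username RouterB password cisco
interface Serial0
 encapsulation ppp
 ppp authentication chap
"""

# Constructed sample with two problems: a secret that differs in case,
# and PAP allowed as the second authentication method.
ROUTER_B_WEAK = """\
hostname RouterB
username RouterA password Cisco
interface Serial0
 encapsulation ppp
 ppp authentication chap pap
"""

ROUTER_B_FIXED = """\
hostname RouterB
username RouterA password cisco
interface Serial0
 encapsulation ppp
 ppp authentication chap
"""


def parse_config(text):
    """Extract the host name, username entries and per-interface PPP settings."""
    cfg = {"hostname": None, "users": {}, "interfaces": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            current = None                      # non-indented line leaves interface mode
        words = line.split()
        if words[0] == "hostname" and len(words) == 2:
            cfg["hostname"] = words[1]
        elif words[0] == "username" and len(words) >= 4 and words[2] == "password":
            cfg["users"][words[1]] = words[-1]
        elif words[0] == "interface" and len(words) >= 2:
            name = " ".join(words[1:])
            current = cfg["interfaces"].setdefault(name, {"ppp": False, "auth": []})
        elif current is not None and words[:2] == ["encapsulation", "ppp"]:
            current["ppp"] = True
        elif current is not None and words[:2] == ["ppp", "authentication"]:
            current["auth"] = words[2:]
    return cfg


def audit_pair(text_a, text_b):
    """Return a list of findings for the two ends of one PPP link."""
    a, b = parse_config(text_a), parse_config(text_b)
    findings = []
    for local, remote in ((a, b), (b, a)):
        name = local["hostname"]
        if remote["hostname"] not in local["users"]:
            findings.append(f"{name}: no username entry for peer {remote['hostname']}")
        for ifname, intf in local["interfaces"].items():
            if not intf["ppp"]:
                continue
            if not intf["auth"]:
                findings.append(f"{name} {ifname}: PPP without authentication")
            elif "pap" in intf["auth"]:
                order = " ".join(intf["auth"])
                findings.append(
                    f"{name} {ifname}: 'ppp authentication {order}' "
                    "permits PAP (cleartext password)"
                )
    secret_a = a["users"].get(b["hostname"])
    secret_b = b["users"].get(a["hostname"])
    if secret_a is not None and secret_b is not None and secret_a != secret_b:
        findings.append("shared secret differs between the two routers")
    return findings


if __name__ == "__main__":
    for finding in audit_pair(ROUTER_A, ROUTER_B_WEAK):
        print(finding)
```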
Verifying PPP

When PPP is configured, you can check its LCP and NCP states using the show interfaces
command. In the example that follows, the administrator used the command to monitor an
interface.

Figure caption: The show interfaces command is used to verify that PPP encapsulation
is configured on the interface.

P1R1#show interfaces s1
Serial1 is up, line protocol is up
  Hardware is HD64570
  Internet address is 10.1.1.2/24
  DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive (10 sec)
  LCP Open
  Open: IPCP, CDP, ATALKCP, IPXCP
  Last input 00:00:04, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/64/0 (size/threshold/drops)
     Conversations 0/4 (active/max active)
     Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     51938 packets input, 1634908 bytes, 0 no buffer
  - - more - -


Summary 

This chapter provided an overview of WAN services and setup elements. With respect to
specific WAN services that can be used with Cisco routers, this book emphasizes
X.25 and Frame Relay, which are covered in more detail in the next two chapters.
Remember that routers on both sides of a PPP connection must be configured with
PPP. In addition, you can use PAP or CHAP authentication, or both,
for security purposes.
Chapter Fourteen Test
Introduction to Serial Connections


Estimated Time: 15 minutes

Complete all the exercises to test your knowledge of the materials contained in this 
chapter. Answers are listed in Appendix A, “Chapter Test Answer Key.” 

Question 14.1 

T F A WAN subscriber must know how to interface customer premises equipment 
to the provider service. 

Question 14.2 

T F PPP sets data-link encapsulation capable of transmitting packets from multiple 
protocols. 

Question 14.3 

For each of the following definitions, write the letter of the term that most closely 
matches it. 

Terms: 

A. Call setup service 

B. Time-division multiplexing (TDM) 

C. X.25 or Frame Relay service 
Definitions: 

_(a) Uses a separate channel for control messages between transfer points to a 

called destination. 

_(b) Statistically allocates bandwidth on a single channel to multiple circuits. 

_(c) Also known as signaling. 

_(d) Uses fixed time slots to eliminate congestion. 

_(e) Packets of information share a nondedicated channel. 

_(f) Sets up and clears calls between users. 

_(g) Route is a dedicated path between sending location and receiving location. 

_(h) Uses virtual circuits to avoid call setup delays. 
Question 14.4

S'cS WAN *«** « *• *?«' — VO" can access 

A. __ 

B. __ 

C. __ 

Question 14.5 

encapsulation? 1 ^ V “ **' is confined f„ PPP 


Question 14.6 

What command do you issue to display the CHAP exchange sequence? 



This chapter covers X.25 routing. It presents an overview of the X.25 protocol and 
explains how packets are addressed and encapsulated in X.25. It also looks at how to 
configure X.25 routing and verify your configuration. 


X.25 Overview 

X.25 is a standard that defines the connection between a terminal and a packet-switching
network. X.25 offers the closest approach to worldwide data communication available.
Virtually every nation uses some X.25-addressable network.

X.25 originated in the early 1970s. The networking industry commonly uses the term
X.25 to refer to the entire suite of X.25 protocols.

Engineers designed X.25 to transmit and receive data between alphanumeric “dumb”
terminals through analog telephone lines. X.25 enabled dumb terminals to remotely
access applications on mainframes or minicomputers.

Because modern desktop applications needed LAN-to-WAN-to-LAN data communication,
engineers designed newer forms of wide-area technology: Integrated Services Digital
Network (ISDN) and Frame Relay. In many situations, these newer WANs
complement or extend, rather than replace, X.25.

Many different network-layer protocols can be transmitted across X.25 virtual circuits
(VCs), through a process often referred to as tunneling. In tunneling, datagrams or
other Layer 3 packets are encapsulated within the X.25 Layer 3 packets for transport
X.25 supports the following types of communication:

• IP 

• AppleTalk 

• Novell IPX 

• Banyan VINES 

• XNS 

• DECnet 

• ISO-CLNS 

• Apollo 

• Compressed TCP 

• Bridging 


X.25 Protocol Stack 

° p ' n s,s " m hym ° f ** 

prov.de reliability and sliding windows Layers 3 and^ Ba ' aaced (LAPB > at Layer 2 

s and —*■“* »■— * r:/: h ““ z?Jz 
Figure 15-2: X.25 maps to the lower layers of the OSI model.

LAPB provides a confirmed data service between two points. All data sent will be
actively confirmed, and the service guarantees point-to-point ordered delivery with no
drops or duplication. If this service cannot deliver, the protocol resets with a set
asynchronous balanced mode (SABM) or SABM extended (SABME) that disrupts the Layer
3 service, which will in turn RESTART.

The X.25 packet level protocol (PLP) depends on the LAPB service guarantees. The
network layer provides multiplexed connections over the point-to-point LAPB connection.
PLP also guarantees ordered delivery with no drops or duplication. If service is
disrupted, a VC will signal the possible loss of data (RESET) or will be brought down
(CLEAR).

X.25 evolved in the days of analog circuits when error rates were much higher than
today. For analog circuit technology at Layer 1, it is more efficient to build reliability
into the network at the hardware level. With digital or fiber-optic technologies, the error
rates have dropped dramatically. Newer technologies such as Frame Relay have taken
advantage of drops in error rates by providing a stripped-down “unreliable” data link.

X.25 was designed in the days of alphanumeric terminals and computing on central
time-sharing computers. Demands on the packet switch were lower than today. Complex
applications on desktop workstations demand more bandwidth and speed. Newer
technologies such as ISDN and X.25 over Frame Relay add packet-switching capability.

X.25 DTE and DCE 

Each station on an X.25 attachment is either a DTE or a DCE. The X.25 DTE is typically
a router or a packet assembler/disassembler (PAD). The X.25 packet-level DCE
typically acts as a boundary function to the public data network (PDN) within a switch
or concentrator. Figure 15-3 illustrates the relationship between the DTEs and DCEs in
the PDN. The X.25 switch at the c.
ment (DSE).

Figure 15-3: DTE is usually a subscriber's router or PAD, and DCE is usually a PDN's
switch or concentrator.

Although the terms DTE and DCE at all three of the layers associated with the
X.25 stack, the uses shown in Figur I are independent of the physical-layer DTE/

The X.25 protocol implements virtual circuits between the X.25 DTE and X.25 DCE.


X.25 (X. 121) Addressing Format 

The format of X.25 addresses is defined by the ITU-T X.121 standard. Figure 15-4
shows the X.25 addressing format.

Figure 15-4: X.25 addresses follow a specific format.

  Data Network ID Code: 4 decimal digits
  Network Terminal Number: up to 10 or 11 decimal digits

The first four digits specify the Data Network Identification Code (DNIC). This address
field is the country code and provider number assigned by the ITU.
The remaining 10 digits specify the network terminal number (NTN); the first eight digits
are assigned by the packet-switched network (PSN) provider, and the last two digits
are an optional subnumber assigned locally. These last two digits may be used to identify
a particular application or device. The first eight digits along with the fourth DNIC digit
form the unique address allocated to users when they come up on the X.25 network.

Private X.25 networks may assign addresses that best fit their network architecture.

Only decimal digits are legal for X.121 addresses. The router accepts an X.121 address
with as few as 1 or as many as 15 digits. Some networks allow subscribers to use
subaddresses (the last two digits after the assigned base address).

For different network protocols to connect across X.25, statements are entered on the
router to map the next-hop network-layer address to an X.121 address. For example,
an IP network-layer address is mapped to an X.121 address to identify the next-hop
host on the other side of the X.25 network.

These statements are logically equivalent to the LAN Address Resolution Protocol
(ARP) that dynamically maps a network-layer address to a data-link MAC address, as
shown in Figure 15-5. Maps are required for each protocol because ARP is not supported
in an X.25 network.


Key Concept: A critical step in configuring a Cisco router for X.25 is manually mapping
X.121 addresses to network-layer addresses.

Figure 15-5: Mapping a network-layer address to an X.121 address is a manual
configuration task. (Labels: Token Ring, Destination MAC, Destination X.121.)

Figure 15-6: Protocol datagrams are reliably carried inside X.25 frames. (Labels:
IP Network, Data-Link Frame (LAPB), X.25 Header, IP Datagram.)

Similarly, in an X.25 environment, th
the datagram from the packet or pac
and analyzes the datagram to identi
etermination, the router reencapsul;
going media as it forwards the traffic.

X.25 Virtual Circuits 

bariVrKn r ! Ual Circu,t <VC> 15 used in 
CN), logical channel number (L 

A VC can be a permanent virtual circt 
circuit (SVC). An SVC exists onlv for t 
There are three phases associated with SVCs:

• Call setup

• Information transfer

• Call clear

A PVC is similar to a leased line. Both the network provider and the attached X.25
subscriber must provision, or make available, the virtual circuit. PVCs use no call setup or
call clear that is apparent to the subscriber. Any provisioned PVCs are always present,
even when no data traffic is being transferred.

As shown in Figure 15-7, VCs carry data through the X.25 cloud.

Figure 15-7 (panels): Switched Virtual Circuits (SVCs); Permanent Virtual Circuits (PVCs)


The X.25 protocol offers simultaneous service to many hosts (for example, multiplex
connection service). An X.25 network can support any legal configuration of SVCs and
PVCs over the same physical circuit attached to the X.25 interface. However, configuring
a large number of VCs over a serial interface may result in poor performance. X.25’s
original design aim assumed service for time-sharing and terminal-to-host applications,
not contemporary computer-to-computer applications.

The next several sections look at how SVCs can be used to carry single or multiple
protocol traffic.

SVC Usage 

Up to 4,095 SVCs can be configured on a single X.25 interface. 

Throughput for encapsulating a specific protocol can be improved using multiple SVCs. 
Multiple SVCs provide a larger effective window size, especially for protocols that offer 
is allowed. Combinii
chose available from

Figure 15-8: Combining SVCs provides greater throughput.

Figure 15-9: SVCs can be configured to handle only one protocol if desired. (Protocols
shown: TCP/IP, Novell, AppleTalk.)
Multiprotocol Virtual Circuits

In Cisco IOS Release 10.2 and later releases, a single virtual circuit to a host can carry
traffic from multiple protocols, as shown in Figure 15-10. One x25 map statement contains
several protocol addresses mapped to a single X.121 address associated with the
destination host.

Figure 15-10: SVCs can be set up to support multiprotocol traffic. (Protocols shown:
TCP/IP, Novell, AppleTalk.)

This capability uses the method described in RFC 1356. Each of the supported protocols
can map to a destination host. Because higher traffic loads are generated by routing
multiple protocols over a VC, combining SVCs as described earlier in this chapter may
improve throughput.


Other configuration tasks can be performed to control data throughput and to ensure
compatibility with the X.25 network service provider. Commonly used parameters
include the number of VCs allowed and packet size negotiation.


X.25 is a flow-controlled r 
both sides of a link. Mismatches 
severe internetworking problems. 

e B ters S inTw fanX ' 25, ' nk (the DTE and tf 
«ers, including encapsulation and address 

also must agree on which VC numbers to u 


protocol. The default flow- 
caused by incons 


Figure 15-11: Parameters at both ends of the link must agree. (Labels: Encapsulation,
Attachment parameters, Address mapping.)

v Size of two packets and a default 
: au t r ^ects the lowest common 
example, 512 or 1024 bytes) are 
acket sizes up to 4096 may be 


- s.ze ot 128 bytes must be availabl, 
minator window size. Higher packet 
lonfy used in the United States and 
ed by some network providers. 

The following commands can be used to configure these parameters on a
router:

• encapsulation x25

• x25 address

• x25 map

encapsulation x25 Command 
The router can be an X.25 DTE; typically this is the configuration when the X.25 PDN
is used to transport various protocols. Or the router can be configured as an X.25 DCE,
which is typical when the router acts as an X.25 switch. DTE is the default.

x25 address Command

The x25 address command defines the local router’s X.121 address (one address per
interface). The value specified must match the address designated by the X.25 PDN. The
format of the command is:

Router(config-if)#x25 address x.121-address

x25 map Command 

The x25 map command provides a static conversion of higher-level addresses to X.25 
addresses. The command correlates the network-layer addresses of the peer host to the 
peer host’s X.121 address. The format of the command is: 

Router(config-if)#x25 map protocol address x.121-address [options]

where the parameters have the following meanings:

• protocol Selects the protocol type. Supported protocols are ip, xns, decnet,
ipx, appletalk, vines, apollo, bridge, clns, and compressedtcp.

• address —Specifies the protocol address (not specified for bridged or CLNS
connections).

• x.121-address Specifies the X.121 address. The protocol address and the
X.121 addresses together must specify the complete network protocol-to-X.121
mapping.

• options (Optional) Customizes the connection. One commonly used option
is broadcast. The broadcast option causes the Cisco IOS software to direct any
broadcasts sent through this interface to the specified X.121 address.

The following x25 map statement is used only to communicate with a host that
understands multiple protocols over a single VC. This communication requires the
multiprotocol encapsulations defined by RFC 1356.

Router(config-if)#x25 map protocol address [protocol2 address2]* x.121-address [options]
In the preceding x25 map command, the ‘
protocol addresses may be associated with 
command. Bridging is not supported. 


X.25 Configuration Example

In Figure 15-12, two X.25 routers are configured to connect remote company offices.

Figure 15-12: Two X.25 routers connect remote offices.

Cisco A
IP Address: 10.60.8.1
X.121 Address: 311082194567

interface serial 1
 encapsulation x25
 x25 address 311082194567
 ip address 10.60.8.1 255.255.248.0
 x25 map ip 10.60.8.2 311082191234 broadcast

Cisco B
IP Address: 10.60.8.2
X.121 Address: 311082191234

interface serial 0
 encapsulation x25
 x25 address 311082191234
 ip address 10.60.8.2 255.255.248.0
 x25 map ip 10.60.8.1 311082194567 broadcast


Additional Configuration Tasks

It may be necessary to perform additional configuration steps so that the router
works correctly with the service provider network. Crucial X.25 parameters are:

• Virtual circuit range—Incoming, two-way, and outgoing

• Default packet sizes—Input and output

• Default window sizes and window modulus

These parameters must be defined, but you may not need to configure them directly
because they depend on the defaults used by the service provider.

Configuring X.25 VC Ranges 

Up to 4095 virtual circuits can be configured on an interface, and both ends of an X.25 
connection must agree on what range of the available circuits are being used for what 
purpose. Table 15-1 summarizes configuration commands for virtual circuit number 
assignment. The complete range of virtual circuits can be allocated to PVCs, SVCs, or 
a combination of both, depending on your requirements. SVCs are commonly used. 


Table 15-1: Configuration commands for VC number assignment.

Virtual Circuit Type               Range    Default    Commands

PVCs                                                   x25 pvc circuit

SVCs:
  Incoming only (DCE initiated)                        x25 lic circuit
                                                       x25 hic circuit
  Two-way                                              x25 ltc circuit
                                                       x25 htc circuit
  Outgoing only (DTE initiated)                        x25 loc circuit
                                                       x25 hoc circuit



A low- and high-limit number must be configured to define the range, which is why two
commands are needed for each category. If both limits of a range are zero, the range is
unused.

The circuit numbers must be assigned so that an incoming range comes before a
two-way range, both of which come before an outgoing range. Any PVCs must take a circuit
number that comes before any SVC range. The following shows the proper order for the
virtual circuit numbers:

1 <= PVCs < (lic <= hic) < (ltc <= htc) < (loc <= hoc) <= 4095

The following decodes can be used to interpret the numbering scheme:

lic—lowest incoming circuit number
hic—highest incoming circuit number
ltc—lowest two-way circuit number
htc—highest two-way circuit number
loc—lowest outgoing circuit number
hoc—highest outgoing circuit number

The following example sets VC ranges of 5 to 20 for incoming calls only (from the DCE
to the DTE) and 25 to 1024 for either incoming or outgoing calls. It also specifies no
virtual circuits for outgoing calls (from the DTE to the DCE).

x25 lic 5
x25 hic 20
x25 ltc 25

X.25 ignores events on a VC number that is not in an assigned VC range; it considers the
out-of-range VC a protocol error. The network administrator specifies the VC ranges
for an X.25 attachment. For correct operation, the X.25 DTE and DCE must have
identically configured ranges. Numbers configured for any PVCs must also agree on both
sides of an attachment (not necessarily end to end).
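The ordering rule and the requirement that both ends agree can be checked before the configuration is applied. The following is an added example, not code from the book or from Cisco: a Python check of the x25 lic/hic/ltc/htc/loc/hoc values and PVC numbers on the two ends of an attachment. The default limits are an assumption taken from the show interfaces output later in this chapter (two-way 1-1024, incoming-only and outgoing-only none), and the sample configurations are constructed.

```python
import re

MAX_VC = 4095
# Assumed defaults: two-way 1-1024, no incoming-only or outgoing-only range.
DEFAULTS = {"lic": 0, "hic": 0, "ltc": 1, "htc": 1024, "loc": 0, "hoc": 0}
RANGES = (
    ("incoming-only", "lic", "hic"),
    ("two-way", "ltc", "htc"),
    ("outgoing-only", "loc", "hoc"),
)

# The example from the text above, plus a constructed far end that omits x25 ltc.
PAGE_EXAMPLE = "x25 lic 5\nx25 hic 20\nx25 ltc 25\n"
DCE_MISSING_LTC = "x25 lic 5\nx25 hic 20\n"


def parse_vc_config(text):
    """Return (limits, sorted PVC numbers) from interface configuration lines."""
    limits = dict(DEFAULTS)
    pvcs = []
    for line in text.splitlines():
        m = re.match(r"\s*x25\s+(lic|hic|ltc|htc|loc|hoc)\s+(\d+)\s*$", line, re.I)
        if m:
            limits[m.group(1).lower()] = int(m.group(2))
            continue
        m = re.match(r"\s*x25\s+pvc\s+(\d+)\b", line, re.I)
        if m:
            pvcs.append(int(m.group(1)))
    return limits, sorted(pvcs)


def check_ranges(limits, pvcs):
    """Check 1 <= PVCs < (lic <= hic) < (ltc <= htc) < (loc <= hoc) <= 4095."""
    errors = []
    for pvc in pvcs:
        if not 1 <= pvc <= MAX_VC:
            errors.append(f"PVC {pvc} is outside 1-{MAX_VC}")
    highest = pvcs[-1] if pvcs else 0       # highest circuit number used so far
    for label, lo_key, hi_key in RANGES:
        lo, hi = limits[lo_key], limits[hi_key]
        if lo == 0 and hi == 0:
            continue                        # both limits zero: range is unused
        if lo == 0 or hi == 0:
            errors.append(f"{label}: only one of {lo_key}/{hi_key} is set")
            continue
        if lo > hi:
            errors.append(f"{label}: {lo_key} {lo} is above {hi_key} {hi}")
            continue
        if hi > MAX_VC:
            errors.append(f"{label}: {hi_key} {hi} is above {MAX_VC}")
        if lo <= highest:
            errors.append(f"{label}: {lo_key} {lo} does not come after circuit {highest}")
        highest = max(highest, hi)
    return errors


def compare_attachment(dte_text, dce_text):
    """Validate each end, then report every value on which the two ends disagree."""
    dte_limits, dte_pvcs = parse_vc_config(dte_text)
    dce_limits, dce_pvcs = parse_vc_config(dce_text)
    problems = [f"DTE {e}" for e in check_ranges(dte_limits, dte_pvcs)]
    problems += [f"DCE {e}" for e in check_ranges(dce_limits, dce_pvcs)]
    for key in DEFAULTS:
        if dte_limits[key] != dce_limits[key]:
            problems.append(f"{key} differs: DTE {dte_limits[key]}, DCE {dce_limits[key]}")
    if dte_pvcs != dce_pvcs:
        problems.append(f"PVC numbers differ: DTE {dte_pvcs}, DCE {dce_pvcs}")
    return problems


if __name__ == "__main__":
    for problem in compare_attachment(PAGE_EXAMPLE, DCE_MISSING_LTC):
        print(problem)
```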


Configuring X.25 Packet Sizes 

The following commands are used to configure X.25 packet sizes:

• x25 ips

• x25 ops

These commands set the default maximum input and output packet sizes, respectively.
The input and output values should match unless the network supports asymmetric
transmissions. The format of the command is:

Router(config-if)#x25 ips bytes
Router(config-if)#x25 ops bytes

where bytes refers to the maximum packet size assumed for VCs that do not negotiate 
a size. Supported values are: 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096. The 
default is 128 bytes. 

If the stations of an X.25 attachment conflict on the VC’s maximum packet size, the VC 
is unlikely to work. 

Packets sent across the X.25 network that exceed the specified packet size will require 
the router to break the packet into allowable packets with the “more bit” (M-bit) set. 
Packet reassembly occurs on the receiving router; this process consumes CPU cycles on 
both routers. 

Configuring X.25 Window Parameters 

X.25 uses a sliding window for flow control. Larger windows allow more packets to be 
in transit. 

The following commands are used to configure the X.25 window size: 

• x25 win 

• x25 wout 

• x25 modulo 

Use the x25 win and x25 wout commands to set the default incoming and outgoing 
window sizes. The window size specifies the number of packets that can be received/sent 
without sending/receiving an acknowledgment. Both ends of an X.25 link must use the 
same default window size. 

The format of the commands is: 

Router(config-if)#x25 win packets 
Router(config-if)#x25 wout packets 

where the packets parameter specifies the packet window size. Possible values for window
size range from one to one less than the modulus (discussed next). The default is
two packets.
In Figure 15-13, the following commands have been specified:

• x25 address 311082198756—Specifies the address of the interface. 

• x25 ips/ops 1024—Sets both input and output default packet size to 1024 to 
match the values defined for the network attachment. Maximum value is 4096. 

• x25 win/wout 7—Sets both input and output window sizes to 7 to match the 
values defined for the network attachment. 

The typical default packet size provided worldwide by PDNs is 128 bytes. In the United 
States and Europe, default packet sizes of 1024 are common. Other countries can also 
provide higher packet sizes. The Layer 3 default maximum packet size is subject to the 
limit that lower layers are able to support. 

Setting Up the Router as a Switch 

The router can be configured to switch X.25 traffic over a TCP connection, as shown 
in Figure 15-14. X.25-over-TCP (called XOT) is defined by RFC 1613. 

Figure 15-14: The router acts as local or remote switch. (X.25 packets are carried in
IP datagrams.)

The command to configure an XOT PVC is:

Router(config-if)#x25 pvc number1 tunnel address interface serial
string pvc number2 [option]

The command options are packetsize in out and windowsize in out; they allow a PVC’s 
flow control values to be defined if they differ from the interface defaults. 

In this mode, the backbone comprises routers switching IP datagrams. A few X.25 
devices, such as PADs, connect to each other across the routed IP backbone network. 

The switching performance of IP is higher than native X.25 switching equipment. This 
use of a TCP/IP cloud provides customers with high-performance, concurrent switching 
of X.25, IP, and other protocols. 
The format of the command is:

Router(config-if)#x25 route [#position] x.121-address [cud pattern]
interface type number

.5 interfaces attached to different

where the parameters mean the following:

• x.121-address Destination X.121 address pattern

• cud pattern (Optional)—Call User Data (CUD) pattern, which is a printable
ASCII string

• type number The destination interface number, such as serial 0

CAUTION

The cud pattern must be the value provided by the X.25 service provider. 


Monitoring X.25 

Use the show interfaces command to display status and counter information about an 
interface. The output from this command also displays LAPB information. In Figure 
15-16, the serial interface has its encapsulation type configured for X.25 operation. 


Figure 15-16: Use the show interfaces command to display status and counter
information about an interface.

Router#show interface serial0
Serial0 is up, line protocol is up
  Hardware is MK5025
  Internet address is 183.8.128.129, subnet mask is 255.255.255.128
  MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation X25, loopback not set
  LAPB DCE, state CONNECT, modulo 8, k 7, N1 12048 N2 20
      T1 3000, interface outage (partial T3) 0, T4 0
      VS 1, VR 1 Remote VR 1, Retransmissions 0
      IFRAMEs 1728559/1639143 RNRs 0/0 REJs 0/0 SABM/Es 3/2 FRMRs 0/0 DISCs 0/0
  X25 DCE, address 311012345678, state R1, modulo 8, timer 0
      Defaults: cisco encapsulation, idle 0, nvc 1
        input/output window sizes 2/2, packet sizes 128/128
      Timers: T10 60, T11 180, T12 60, T13 60, TH 0
      Channels: Incoming-only none, two-way 1-1024, Outgoing-only none
      RESTARTS 3/3 CALLS 244+235/266+262/0+0 DIAGs 0/0
  Last input 0:00:00, output 0:00:00, output hang never
  Last clearing of "show interface" counters never
  Output queue 0/40, 0 drops; input queue 2/75, 0 drops
  Five minute input rate 0 bits/sec, 3 packets/sec
  Five minute output rate 0 bits/sec, 3 packets/sec
      3370943 packets input, 113376062 bytes, 0 no buffer
      Received 1971 broadcasts, 0 runts, 0 giants
      57 input errors, 57 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  - - more - -



Additional show commands for X.25 include show x25 map and show x25 vc. 
Chapter Fifteen Test
Configuring X.25


Estimated Time: 15 minutes

Complete all the exercises to test your knowledge of the materials contained in this
chapter. Answers are listed in Appendix A, “Chapter Test Answer Key.”

Question 15.1 

T F X.25 defines the lower three layers of the OSI model. 

Question 15.2 

T F LAPB is the network protocol. 

Question 15.3 

T F Tunneling of other protocols inside X.25 is supported. 

Question 15.4 

To configure an X.25 interface, you must: 

T F (a) Define the interface encapsulation. 

T F (b) Set critical parameter values for attaching to the PDN. 

T F (c) Configure the interface X.121 address. 

T F (d) Define any protocol to X.25 mapping. 

T F (e) Define static IP addresses on both sides of the link. 

T F (f) Configure one router as a master to perform setup steps. 









This chapter overviews Frame Relay operation and covers how to configure it for both 
physical interfaces and subinterfaces. 

Frame Relay Overview 

Frame Relay is a CCITT and American National Standards Institute (ANSI) standard that
defines the process for sending data over a public data network. It is a next-generation
protocol to X.25 and is a data-link technology (Layer 2) that is streamlined to provide
high performance and efficiency. It relies on upper-layer protocols for error correction and
flow control and today’s dependable fiber and digital networks for reliability.

As shown in Figure 16-1, Frame Relay defines the interconnection process between
your customer premises equipment (also known as DTE), such as a router, and the service
provider’s local access switching equipment (also known as DCE). It does not
define how the data is transmitted within the service provider’s Frame Relay cloud.
Frame Relay is a purely Layer 2 protocol.

Frame Relay provides a means for statistically multiplexing many logical data conversations
(referred to as virtual circuits) over a single physical transmission link by assigning
each pair of DTEs connection identifiers. The service provider’s switching
equipment constructs a table mapping connection identifiers to outbound ports. When
a frame is received, the switching device analyzes the connection identifier and delivers
the frame to the associated outbound port. The complete path to the destination is
established prior to the sending of the first frame.
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ate a PVC. DLCIs have local significance in that the identifier references the point 
between the local router and the Frame Relay switch to which it is connected. 




Local Management Interface (LMI) 

The LMI is a signaling standard between the CPE device and the FR switch that is 
responsible for managing the connection and maintaining status between the devices. 
LMIs include support for: 


• A keepalive mechanism, which verifies that data is flowing 

• A multicast mechanism, which provides the network server with its local DLCI 

• The multicast addressing, which gives DLCIs global rather than local
significance in Frame Relay networks

• A status mechanism, which provides an ongoing status on the DLCIs known to 
the switch 

Although the LMI is configurable, beginning in Release 11.2, the Cisco router tries to 
autosense which LMI type the FR switch is using by sending one or more full status 
requests to the FR switch. The FR switch will respond with one or more LMI types. The 


Figure 16-2 Frame Relay elements.
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Forward Explicit Congestion Notification (FECN) 

When a Frame Relay switch recognizes congestion in the network, it sets the FECN bit 
in a Frame Relay packet bound for the destination device, indicating that congestion 
has occurred from source to destination, as shown in Figure 16-3. 



Figure 16-3 FECN packets indicate that congestion has occurred.


Backward Explicit Congestion Notification (BECN) 

When a Frame Relay switch recognizes congestion in the network, it sets the BECN bit
in a Frame Relay packet bound for the source router, instructing the router to reduce the
rate at which it is sending packets. With Cisco IOS Release 11.2 or later, Cisco routers
can respond to BECN notifications.


Discard Eligibility (DE) Indicator 

When the router detects network congestion, it sets the DE bit on oversubscribed traffic. 
If the network experiences congestion, it will first discard those packets with the DE bit 
set. 
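The FECN, BECN, and DE indicators described above travel in the two-octet Frame Relay address field together with the 10-bit DLCI. The following Python sketch is an added example, not part of the original text: it decodes that field using the standard two-octet address layout (which this chapter does not print) and tallies the indicators per DLCI, much like the counters that show frame-relay pvc reports. The sample frames are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FrAddress:
    dlci: int   # 10-bit data-link connection identifier (locally significant)
    fecn: bool  # congestion seen in the direction this frame is travelling
    becn: bool  # congestion seen in the opposite direction: sender should slow down
    de: bool    # frame may be discarded first under congestion


def parse_fr_address(frame: bytes) -> FrAddress:
    """Decode the 2-octet address field at the start of a frame (flag stripped)."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the 2-octet address field")
    hi, lo = frame[0], frame[1]
    # EA (address extension) bit is 0 in the first octet and 1 in the last one.
    if hi & 0x01 or not lo & 0x01:
        raise ValueError("address field is not in the 2-octet format")
    dlci = ((hi >> 2) << 4) | (lo >> 4)  # 6 high bits + 4 low bits
    return FrAddress(dlci, bool(lo & 0x08), bool(lo & 0x04), bool(lo & 0x02))


def build_fr_address(dlci: int, fecn=False, becn=False, de=False) -> bytes:
    """Encode an address field; used here only to construct sample frames."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    hi = (dlci >> 4) << 2
    lo = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 0x01
    return bytes([hi, lo])


def congestion_summary(frames):
    """Count frames and FECN/BECN/DE indicators per DLCI."""
    stats = defaultdict(lambda: {"frames": 0, "fecn": 0, "becn": 0, "de": 0})
    for frame in frames:
        addr = parse_fr_address(frame)
        row = stats[addr.dlci]
        row["frames"] += 1
        row["fecn"] += addr.fecn
        row["becn"] += addr.becn
        row["de"] += addr.de
    return dict(stats)


# Constructed sample: three frames on DLCI 120, one on DLCI 130.
SAMPLE_FRAMES = [
    build_fr_address(120, becn=True) + b"payload",
    build_fr_address(120) + b"payload",
    build_fr_address(130, fecn=True, de=True) + b"payload",
    build_fr_address(120, becn=True) + b"payload",
]

if __name__ == "__main__":
    for dlci, row in sorted(congestion_summary(SAMPLE_FRAMES).items()):
        print(dlci, row)
```

A rising BECN count on one DLCI while the others stay at zero points at congestion on that PVC's path rather than on the local access link.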


Frame Relay Operation 

Frame Relay is a Layer 2 protocol that describes how the DTE device communicates 
with and connects to a Frame Relay switch. Figure 16-4 illustrates how FR operation 
works. 
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6. For each DLCI for which the router receives an Inverse ARP message, the router
will create a map entry in its Frame Relay map table that includes its own
DLCI and the remote router’s network-layer address, as well as the state of the
connection. Note that the DLCI is the router’s locally configured DLCI, not
the DLCI that the remote router is using. Three possible connection states
appear in the Frame Relay map table:

• Active state —Indicates that the connection is active and that routers can 
exchange data 

• Inactive state —Indicates that local connection to FR switch is working, but 
the remote router’s connection to FR switch is not working 

• Deleted state —Indicates that no LMI is being received from the FR switch 
or no service between the CPE router and FR switch is occurring 

If Inverse ARP is not working, or the remote router does not support Inverse
ARP, you need to configure the routes (DLCIs and IP addresses) of the remote
routers. Such configurations are referred to as static maps; static mapping is
discussed later in the “Configuring Optional Commands” section.

7. Every 60 seconds, the routers exchange Inverse ARP messages. 

8. Every 10 seconds or so (this is configurable), the CPE router sends a keepalive 
message to the FR switch. The purpose of the keepalive message is to verify 
that the FR switch is still active. 

The router will change the status of each DLCI, based on the response from 
the FR switch. 

Configuring Frame Relay 

A basic Frame Relay configuration assumes that you want to configure Frame Relay on 
one or more physical interfaces, and that LMI and Inverse ARP are supported by the 
remote router(s). In this type of environment, the LMI notifies the router about the 
available DLCIs. Figure 16-5 illustrates a configuration for this situation. 

Use the following steps to configure basic Frame Relay on a Cisco router: 

1. Select the interface and enter interface configuration mode. 

2. Configure a network-layer address, for example, an IP address. 
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This command affects routing operation by protocols such as IGRP and 
EIGRP, because it is used to define the metric of the link. In addition, it allows 
EIGRP to determine how much data to transmit in a given amount of time.
Without this command, EIGRP assumes that the bandwidth is 1.544 Mbps 
(T1). This command is also the basis for the statistics such as bandwidth usage. 

6. If Inverse ARP was disabled on the router, re-enable it. Inverse ARP is on by 
default. The command form is: 

Router(config-if)#frame-relay inverse-arp [protocol] [dlci]

Supported protocols include ip, ipx, appletalk, decnet, vines, and xns. The
parameter dlci identifies the DLCI on the local interface with which you want to
exchange Inverse ARP messages.

Configuring Optional Commands 

Normally, Inverse ARP is used to request the next hop protocol address for a specific 
connection. Responses to Inverse ARP are entered in an address-to-DLCI map (Frame 
Relay map) table. The table is then used to route outgoing traffic. When Inverse ARP is 
not supported by the remote router, when configuring OSPF over Frame Relay, or when 
you want to control broadcast traffic when using routing, you must define the
address-to-DLCI table statically. These static entries are referred to as static maps; they
are implemented with the frame-relay map command. The full form of the command is:

Router(config-if)#frame-relay map protocol protocol-address dlci [broadcast] [ietf | cisco | payload-compress packet-by-packet]

where the parameters and keywords have the following meanings: 

• protocol —Defines supported protocol, bridging, or logical link control. 

• protocol-address —Defines the network-layer address of the destination router 
interface. 

• dlci —Defines the local DLCI used to connect to the remote protocol address.

• broadcast (Optional)—Forwards broadcasts to this address when multicast is 
not enabled. Use this if you want the router to forward routing updates. If not 
enabled, you must define static routes, and if using IPX, static SAPs. 

• ietf | cisco (Optional)—Select the Frame Relay encapsulation type for use. Use
ietf only if the remote router is a non-Cisco router; otherwise, use cisco.

• payload-compress packet-by-packet (Optional)—Packet-by-packet payload 
compression, using STAC, a Cisco proprietary compression method. 
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routing traffic 


Command                 Description

show frame-relay pvc    Displays the status of each configured connection as well as
                        traffic statistics. This command is also useful for viewing the
                        number of BECN and FECN packets received by the router.

show frame-relay map    Displays the network-layer address and associated DLCI for
                        each remote destination that the local router is connected to.

show frame-relay lmi    Displays LMI traffic statistics. For example, it shows the
                        number of status messages exchanged between the local
                        router and the Frame Relay switch.


u using tioKr, you can set what 
to use for EIGRP routing traffic. The default 
command varies, depending on whethi 
AppleTalk. The IP syntax is as follows: 
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Selecting a Frame Relay Topology 


Frame Relay allows you to interconnect your remote sites in a variety of ways as shown 
in Figure 16-6. Example topologies include: 


Star topology 
Full-mesh topology 
Partial-mesh topology 


Figure 16-6 Frame Relay topologies.


Verifying Frame Relay Operation 

After configuring Frame Relay, you can veri 
following show commands: 

_Description 

show interfaces serial 


connections are active 


Partial Mesh 


Displays information about t 
used on the Frame Relay-con 
LMI DLCI used for the local 


Star (Hub and Spoke) 
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To overcome this reachability problem, the router must replicate the broadcast for each 
active connection. That is, the distribution of broadcast traffic can be accomplished 
only by sending the same message to each virtual connection in order. This method 
requires considerable resource allocation within the router. 

Figure 16-7 Broadcast traffic must be replicated from each active connection.


Broadcasts are not a problem if there is only a single PVC on a physical interface, 
because such a configuration is a point-to-point connection type. 

The amount of broadcast traffic and the number of virtual circuits terminating at each 
router should be evaluated during the design phase of a Frame Relay network. Overhead 
traffic, such as routing updates, can impact the delivery of critical user data, especially 
when the delivery path contains low-bandwidth (56 kbps) links. 

Resolving Reachability and Resource Issues: Subinterfaces

The simplest answer to resolving the reachability issues brought on by split horizon may 
seem to be to turn off split horizon. Two problems exist with this solution. First, only 
IP allows you to disable split horizon; IPX and AppleTalk do not. (When an interface 
is configured with encapsulation frame-relay, split horizon is disabled for IP and 
enabled for IPX and AppleTalk, by default.) 

The second problem is that disabling split horizon increases the chances of routing 
loops in your network. 

To enable the forwarding of broadcast routing updates in a Frame Relay network, you
can configure the router with logically assigned interfaces called subinterfaces.
Subinterfaces are logical subdivisions of a physical interface, as shown in Figure 16-8. In split











Figure 16-8 A single physical interface (S0) can simulate multiple logical interfaces
(S0.1, S0.2, S0.3), called subinterfaces.

[Figure labels: Physical Interface; Logical Interface; Subnet A; Subnet B; Subnet C]


• Point-to-point —A single subinterface is used to establish one PVC connection
to another physical interface or subinterface on a remote router. In this case,
the interfaces would be in the same subnet, and each interface would have a
single DLCI. Each point-to-point connection is its own subnet. In this
environment, broadcasts are not a problem because the routers are point-to-point and
act like a leased line.

• Multipoint —A single subinterface is used to establish multiple PVC
connections to multiple physical interfaces or subinterfaces on remote routers. In this
case, all the participating interfaces would be in the same subnet, and each
interface would have its own local DLCI. In this environment, because the
subinterface is acting like a regular NBMA Frame Relay network, broadcast traffic
is subject to the split horizon rule.


Conrpnt *° “ r ° Uti " 9 pr0t ° co1 that su PP orts turning off split hori- 

Concept zon. subinterfaces can be used to overcome the split horizon problem. 

Subinterfaces are particularly useful in a Frame Relay partial-mesh NBMA
model that uses a distance vector routing protocol. 



Configuring Subinterfaces 

To configure subinterfaces on a physical interface, use the following steps:

1. Select the interface on which you want to create subinterfaces and enter the
interface configuration mode.

2. Remove any network-layer address assigned to the physical interface. If the
physical interface has an address, frames will not be received by the local
subinterfaces.

3. Configure Frame Relay encapsulation, as discussed in the “Configuring Frame
Relay” section.

4. Select the subinterface you want to configure. The command format is:

Router(config-if)#interface serial number.subinterface-number {multipoint | point-to-point}

where the parameters and keywords have the following meanings:

• .subinterface-number —Subinterface number in the range 1 to 4294967293.
The interface number that precedes the period (.) must match the interface
number to which this subinterface belongs.

• multipoint —Select this if you want the router to forward broadcasts and
routing updates that it receives. Also select this if you are routing IP and
want all routers to be in the same subnet.

• point-to-point —Select this if you do not want the router to forward
broadcasts or routing updates and if you want each pair of point-to-point routers
to have its own subnet, as shown in Figure 16-9.

You must specify either multipoint or point-to-point; there is no default.

Figure 16-9 Each pair of routers has its own subnet.

• Point-to-Point

  • Subinterfaces act as leased line

  • Each point-to-point connection requires its own subnet

  • Good for star or partial-mesh topologies

• Multipoint

  • Subinterfaces act as default NBMA network

  • Can save subnets because uses single subnet

  • Good for full-mesh topology




5. Configure a network-layer address on the subinterface. If the subinterface is
point-to-point, and you are using IP, you can use the ip unnumbered
command:

Router(config-if)#ip unnumbered interface

If you use this command, it is recommended that the numbered interface (the
one with the network-layer address) is the loopback interface. The Frame Relay
link will not work if this command is pointing to an interface that is not
fully operational, and a loopback interface is less likely to fail. The loopback
interface is an address that represents the device itself.

6. If you configured the subinterface as point-to-point, or as multipoint with
Inverse ARP enabled, you must configure the local DLCI for the subinterface to
distinguish it from the physical interface. Use the following command:

Router(config-if)#frame-relay interface-dlci dlci-number

where dlci-number defines the local DLCI number being linked to the
subinterface. This is the only way to link an LMI-derived PVC to a subinterface
because LMI does not know about subinterfaces.

This command is not required for multipoint subinterfaces configured
with static route maps.

Do not use this command on physical interfaces.
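The rules in steps 1 through 6 can be checked mechanically before a configuration is loaded. The following Python sketch is an added example, not part of the original text or of Cisco IOS: it parses a saved configuration and reports each place where one of those rules is broken. The finding names and the sample configuration are constructed for illustration, and the parser assumes that an interface block ends at a "!" line or at the next interface or router statement.

```python
FR_ENCAP = "encapsulation frame-relay"
TOP_LEVEL = {"router", "line", "end"}  # keywords that close an interface block


def parse_interfaces(config: str) -> dict:
    """Return {interface name (lowercase): {"mode": str or None, "cmds": [str]}}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            current = None
            continue
        key = words[0].lower()
        if key == "interface" and len(words) > 1:
            rest = words[1:]
            if len(rest) > 1 and rest[1][0].isdigit():  # "serial 2.2" form
                rest = [rest[0] + rest[1]] + rest[2:]
            current = {"mode": rest[1].lower() if len(rest) > 1 else None, "cmds": []}
            interfaces[rest[0].lower()] = current
        elif key in TOP_LEVEL:
            current = None
        elif current is not None:
            current["cmds"].append(" ".join(words).lower())
    return interfaces


def audit_frame_relay(config: str) -> list:
    """Return (interface, finding) pairs for the rules given in steps 1-6."""
    ifs = parse_interfaces(config)
    findings = []

    def has(name, prefix):
        return any(cmd.startswith(prefix) for cmd in ifs[name]["cmds"])

    for name, info in ifs.items():
        parent, _, sub = name.partition(".")
        if not sub:  # physical interface
            if has(name, "frame-relay interface-dlci"):
                findings.append((name, "DLCI_ON_PHYSICAL"))
            has_subifs = any(other.startswith(name + ".") for other in ifs)
            if has(name, FR_ENCAP) and has_subifs and has(name, "ip address "):
                findings.append((name, "ADDRESS_ON_PHYSICAL"))  # step 2
            continue
        if parent not in ifs or not has(parent, FR_ENCAP):
            continue  # not a Frame Relay subinterface
        mode = info["mode"]
        if mode not in ("multipoint", "point-to-point"):
            findings.append((name, "NO_SUBINTERFACE_TYPE"))  # step 4: no default
        linked = has(name, "frame-relay interface-dlci")
        if mode == "point-to-point" and not linked:
            findings.append((name, "NO_DLCI"))  # step 6
        if mode == "multipoint" and not (linked or has(name, "frame-relay map ")):
            findings.append((name, "NO_DLCI"))  # needs a DLCI or static maps
        for cmd in info["cmds"]:
            if cmd.startswith("ip unnumbered ") and not cmd.split()[2].startswith("loopback"):
                findings.append((name, "UNNUMBERED_NOT_LOOPBACK"))  # step 5 advice
    return findings


# Constructed sample configuration containing several deliberate mistakes.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
interface Serial0
 ip address 10.1.1.1 255.255.255.0
!
interface Serial2
 ip address 10.17.0.1 255.255.255.0
 encapsulation frame-relay
 frame-relay interface-dlci 110
!
interface Serial2.1 point-to-point
 ip unnumbered Loopback0
 frame-relay interface-dlci 120
!
interface Serial2.2 point-to-point
 ip unnumbered Serial0
!
interface serial 2.3 multipoint
 ip address 10.18.0.1 255.255.255.0
 frame-relay map ip 10.18.0.2 130 broadcast
!
interface Serial2.4
 ip address 10.19.0.1 255.255.255.0
!
router rip
 network 10.0.0.0
"""

if __name__ == "__main__":
    for interface, finding in audit_frame_relay(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

UNNUMBERED_NOT_LOOPBACK is advisory, since the text only recommends a loopback; the other findings correspond to statements that the subinterface will not work as configured.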


Multipoint Subinterfaces Configuration Example 

Consider the network shown in Figure 16-10. 

The configuration output in Figure 16-11 shows how to configur 
faces. Specifically, the subinterfaces of Figure 16-10 have been ci 
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Figure 16-10 

Multipoint subinterfaces.


S2.2, the central site router. With this type of configuration, the subinterface takes on 
the same Frame Relay characteristics as a physical interface. That is, each subinterface 
is NBMA and is subject to split horizon operation. The advantage, however, is that you 
need only a single network address. 


Figure 16-11 Router 1, central site, is connected to all remote sites via a single IP
address with this configuration.

<Output Omitted>
!
interface Serial2
 ! Do not configure an address on physical interface.
 no ip address
 encapsulation frame-relay
!
interface Serial2.2 multipoint
 ip address 10.17.0.1 255.255.255.0
 ! Remember to configure the bandwidth for the link.
 bandwidth 64
 ! Configured to routers 2, 3, and 4. Broadcasts are sent, similar to
 ! how they are sent when using the physical interface.
 frame-relay map ip 10.17.0.2 120 broadcast
 frame-relay map ip 10.17.0.2 130 broadcast
 frame-relay map ip 10.17.0.2 140 broadcast
!
router rip
 network rip
 network 10.0.0.0
<Output Omitted>
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Point-to-Point Subinterfaces 

Consider the point-to-point subinterfa 
6 3 shows the configuration for rhi< 


Point-to-point subinterfaces.


Figure 16-13 Router 1, central site, is connected to all remote sites by distinct IP
addresses in this configuration.


configuration for Router 
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Summary 

This chapter has defined the terms and elements used in a Frame Relay network. Frame
Relay allows you to configure multiple WAN connections from a single router. These
connections can be physical or logical; logical connections are called subinterfaces.
Subinterfaces help overcome the potential reachability and resource usage challenges
associated with Frame Relay as a result of its NBMA nature and its use of split horizon.
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Figure 16-15 
The ip unnumbered command.

<Output Omitted>
!
interface Serial0
 ip address 100.4.2.1 255.255.255.0
!
interface Serial1
 ip address 172.7.2.9 255.255.255.0
 no fair-queue
 clockrate 56000
!
interface Serial2
 no ip address
 encapsulation frame-relay
!
interface Serial2.2 point-to-point
 ip unnumbered Serial1
 bandwidth 64
 frame-relay interface-dlci 220
!
interface Serial2.3 point-to-point
 ip unnumbered Serial0
 bandwidth 64
 frame-relay interface-dlci 230
!
<Output Omitted>
!
router rip
 network 10.0.0.0


Chapter Sixteen Test 
Configuring Frame Relay 


Estimated Time: 15 minutes

Complete all the exercises to test your knowledge of the materials contained in this 
chapter. Answers are listed in Appendix A, “Chapter Test Answer Key.” 

Question 16.1 

T F Subinterfaces enable you to set up point-to-point Frame Relay networks. 

Question 16.2 

T F Frame Relay can be used in a variety of topologies, depending on your network 
requirements. 








Question 16.3 

T F Frame relay routers and hubs can assist in managing traffic congestion. 
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Chapter Test 
Answer Key 


Chapter 1: "The Internetworking Model" 

1.1. LANs, WANs, and enterprise networks.

1.2. Layer 7: Application
Layer 6: Presentation
Layer 5: Session
Layer 4: Transport
Layer 3: Network
Layer 2: Data Link
Layer 1: Physical

1.3. [b] packets and [d] datagrams

1.4. [c] defines network addressing and determines the best path through an
internetwork

1.5. [d] data, segments, packets, frames, bits 


Chapter 2: "Applications and Upper Layers" 

2.1. Computer Applications: word processing, presentation graphics,
spreadsheet, database, project planning, etc.

Network Applications: electronic mail, file transfer, remote access, client/ 
server processes, information location, network management, etc. 
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Chapter Test Answer Key 


Internetwork Applications: electronic data interchange, world wide web,
email gateways, special-interest bulletin boards, financial transaction
services, internet navigation utilities, conferencing (video, voice, data), etc.

1F, 2C, 3E, 4D, 5A, 6B

Host B will send back an acknowledgment indicating that data2 must be
retransmitted. Host A will retransmit data2. Host B will then send an
acknowledgment requesting data4. From this point, communication
should resume normally.


Chapter 5: "Basic Router Operations" 

5.1. RAM: show version, show running-config 
NVRAM: show startup-config 

Flash: show flash 

Console privileged EXEC mode: enable 
Interfaces: show interfaces 

5.2. Type ? at the privileged EXEC mode prompt. 

5.3. The enable command is used to enter privileged EXEC mode. 

5.4. The system displays the last ten recorded commands when you enter the 
show history command. 

5.5. The router quits the privileged EXEC mode and goes back to user mode. 


Chapter 3: "Physical and Data Link Layers"

3.1. E=Ethernet; To=Token Ring; Fo=FDDI 

3.2. Ethernet II and SNAP frame types 

3.4.' c! A SD = LC Cdia C ° ntr0l; LLC=L °S ical L| nk Control 
B: EIA/TIA-232 
E: 802.3 
F: Frame Relay 
D: Ethernet II 
G: FDDI 
A: Token Ring 


Chapter 6: "Configuring a Router" 

6.1. T 

6.2. T 

6.3. T 

6.4. F 

6.5. F 

6.6. T 

6.7. T 

6.8. F 

6.9. The configure terminal command is used to enter global configuration 
mode. 

6.10. The banner login form of the banner command defines a login banner. 

6.11. The banner motd command creates a Message of the Day banner. 

6.12. You must enter a delimiting character after the banner motd command to 
indicate the end of the banner message. 

6.13. The interface serial 1 command string puts you in interface configuration
mode for interface Serial 1.

6.14. If you set both the enable and secret passwords, the secret password
overrides the enable password and is used to enter privileged EXEC mode.

6.15. The show controllers serial command is used to determine if Serial1 is
cabled as a DCE interface.

6.16. The no shutdown command is used to enable an interface. 

6.17. You must be in the interface configuration mode for the specific interface 
you want to enable. 

6.18. The show version command displays the current configuration register 
setting. 


Chapter 4: “Network Layer and Path Determination” 

4.1. T 

4.2. F 

4.3. T 

4.4. T 

4.5. T 

4.6. F 

4.7. IP 

4.8. Ethernet/802.3 

4.9. B 

4.10. A 

4.11. C 
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6.19. The following commands create and copy a back image in
Flash: boot system Flash [IOS.filename]

ROM: boot system rom

TFTP server: boot system TFTP [file name] [TFTP server address]

6.20. The router must be in global configuration mode before you can issue the
boot system command.

Chapter 7: "Discovering and Accessing 
Other Cisco Routers" 

7.1. T 

7.2. F 

7.3. T 

7.4. T 

7.5. F 

7.6. F 

7.7. F 

7.8. This setting specifies the length of time between CDP updates. 

7.9. On a network with a single Cisco router, or a very stable network that
cannot support the extra traffic.

7.10. This parameter indicates how long the receiving device should hold a CDP
packet sent from the local router.

7.11. They use multicast address 0100.0ccc.cccc and the value 2000 in the SNAP


Chapter 8: "TCP/IP Overview" 

8.1. Network Interface
Internet 
Transport 
Application 

8.2. Layer 3 

8.3. Layer 4 

8.4. A. ARP 

B. IP 

C. ICMP 

D. TCP 

E. TCP 

F. UDP 




G. UDP or IP 

H. TCP 

I. TCP 

J. ICMP 

K. UDP or IP 

L. TCP 

M. UDP 


Chapter 9: "IP Address Configuration" 

9.1. Class: B 

Subnet: 172.16.2.0 

9.2. Class: A 
Subnet: 10.6.0.0 

9.3. Class: A 
Subnet: 10.30.36.0 

9.4. Class: C 

Subnet: 201.222.10.56 
Broadcast: 201.222.10.63 

9.5. Class: A 

Subnet: 15.16.192.0 
Broadcast: 15.16.199.255 

9.6. Class: B 

Subnet: 128.16.32.12 
Broadcast: 128.16.32.15 


Chapter 10: "IP Routing Configuration" 

10.1. F

10.2. T

10.3. F

10.4. F

10.5. F

10.6. The networks discovered by the RIP routing protocol are preceded by the
code letter R. The networks that are directly connected to the router and
have been configured with the network command are preceded by the
code letter C.

10.7. The debug ip rip command displays the RIP routing updates sent from
and received at the router.
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10.8. The no debug ip rip command disables the display of the RIP routing
updates sent from and received at the router.

10.9. You issue the router igrp autonomous-system command to enable the
IGRP routing protocol.

10.10. No. A new router igrp command must be issued when establishing an
IGRP routing protocol for each autonomous system.

10.11. You issue the show ip protocols command to verify that the IGRP routing
protocol is enabled.

10.12. You issue the show ip route command to display the current state of the
IGRP routing table.

10.13. The debug ip igrp events command displays the IGRP routing update
events sent from the router.

10.14. IGRP uses a composite metric as its routing metric. This metric includes
the following components:

(a) Bandwidth 

(b) Delay 

(c) Reliability 

(d) Loading 

(e) Maximum transmission unit 


Chapter 11: "Configuring Novell IPX"

R3 Interface Name    Network Address    Encapsulation

S0                   d100               hdlc
S1                   c0b0               hdlc
E1                   b1b0               novell-ether

Issue the ipx routing command to enable IPX routing on your router.
The router must be in global configuration mode before you can issue the
ipx routing command.

You issue the ipx network number command to assign IPX network
numbers on your router.

Issue the show ipx interface command to verify IPX address assignments
on your router.

Issue the show ipx route command to verify entries in the routing table.


Chapter 12: "Configuring AppleTalk"
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12.3. T

12.5. The appleTalk routing command enables AppleTalk routing on the

12.6. Issue the appleTalk cable-range cable-range command to assign cable
ranges to each interface on your router.

12.7. Issue the appleTalk zones zone name command to assign zon

12.8.

12.9. Issue the show appleTalk route command to verify entries in the routing
table.

Chapter 13: "Basic Traffic Management 
with Access Lists" 

13.1. You issue the show ip interface command to show if any access

13.2. The ip access-group access-list-number in command links the access list

13.3. The router must be in interface configuration mode before you can issue

13.4. Show ip interface command to verify that a new access list

13.5. You issue the show access-lists command to display the contents of an

13.6. Use the list numbers in the range of 800 to 899 when defining a standard

13.7. You issue the show ipx interface interface to verify that a new access list
is now active on the interface.

13.8. The show ipx access-lists command displays the co

13.9. Use the range of list numbers from 600 to 699 when you define an Apple-

13.10. The show appleTalk access-lists command displays the contents of the
AppleTalk access lists.
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

Chapter 14: "Introduction to Serial Connections"


(a) A 

(b) B 

(c) A 

(d) B 

(e) C 

(f) A 

(g) B 

(h) C 

(A) Switched or relay services 
B Front end to an IBM enterprise « 

(C) Connection between peer device. 

You issue the show interfaces interfa 
your interface is configured for PPP e 
You issue the debug ppp authenticati 
exchange sequence. This command is issued


center computer 


Chapter 15: "Configuring X.25"


Chapter 16: "Configuring Frame Relay"


Configuring DECnet 


This appendix presents how to configure Cisco routers in DECnet networks. First,
you’ll review the DECnet protocol stack, and then you’ll learn about setting global and
interface parameters for DECnet. Finally, you’ll see examples of various DECnet
configurations and information on how to monitor a DECnet configuration.


Overview of DECnet 

DECnet is a proprietary Digital Equipment Corporation (Digital) protocol. DECnet
Phase V is the current version, although DECnet Phase IV is still seen in many
installations. Unless otherwise noted, the discussion in this chapter applies to Phase IV. Figure
B-1 shows the Flayes DECnet architecture compared to the OSI model.

A DECnet address contains 16 bits: 6 bits for the area and 10 bits for the node address.
In Figure B-2, the DECnet router is assigned address 5.14 (the area address is 5; the
node address is 14). Each addressable entity is called a node; each node is assigned one
area.node address is modified and becomes a software-formatted MAC
address used on all interfaces.


>- is localized by placing nodes in logical or physical groupings called areas.

Phase IV uses a distance vector protocol; path determination is based on the
cost of all outgoing interfaces. Routers keep cost calculations for all hosts in their area.

Due to the incorporation of logical addressing into the MAC address, no address
resolution is required, as it is in IP.
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Figure B-1 

DECnet protocol stack.

OSI Reference Model     DECnet Architecture

7  Application          7  User
6  Presentation         6  Network Application
5  Session              5  Session
4  Transport            4  End-to-End
3  Network              3  Routing
2  Data Link            2  Data Link
1  Physical             1  Physical

Figure B-2 DECnet 16-bit address.

Area.Node



DECnet Phase IV uses the DECnet Routing Protocol (DRP). DECnet Phase V uses the
standard OSI Routing Protocol (IS IS), which is a link-state routing protocol.

Each device speaking DECnet is a node, and addresses are assigned to the node, not to
individual wires or interfaces. Therefore, the entire router, as a node, is assigned one
address. A 6-bit area number allows a maximum of 63 areas, and all nodes in an area
must be contiguous (use an uninterrupted sequence of numbers).

Within a LAN, one router is chosen as the designated router (DR). The DR is always
known to end nodes because of periodic DR announcements. All traffic from an end
node is initially sent to the designated router for forwarding. Later, as network
knowledge is learned, the end nodes use a more direct path.

Several nodes in an area are assigned intra-area router status. These nodes contain
knowledge about all nodes within that area in their routing tables.

One or more nodes in an area are assigned to be an interarea router. The task of this
router is to forward traffic to a specific router in another area, as shown in Figure B-3.

An interarea router’s routing table contains all nodes in an area plus the paths to other
areas via interarea routers.
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Node Assignments 

Using a 10-bit node number allows a maximum of 1023 nodes in each area. The node 
address is folded into the MAC address for each interface, as shown in Figure B-4. 

When DECnet initializes, the modified (software-supplied) MAC address is propagated 
onto each interface. 



Swap two lower bytes and add to standardized DEC MAC address header

Figure B-4 Node assignments.
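The folding of an area.node address into the MAC address can be worked through in a few lines. The following Python sketch is an added example, not part of the original text: it packs the 6-bit area and 10-bit node into 16 bits, swaps the two bytes, and appends them to the DECnet Phase IV header AA-00-04-00 (the prefix value is supplied here; the text above only calls it the standardized DEC MAC address header). It also runs the conversion in reverse, which lets you spot DECnet nodes in a MAC address table; the sample table entries are constructed.

```python
import re

DEC_PREFIX = bytes.fromhex("aa000400")  # DECnet Phase IV MAC address header


def decnet_to_mac(address: str) -> str:
    """Convert an area.node address such as "5.14" to its software-set MAC."""
    area_text, node_text = address.split(".")
    area, node = int(area_text), int(node_text)
    if not 1 <= area <= 63:
        raise ValueError("area must be 1-63 (6 bits)")
    if not 1 <= node <= 1023:
        raise ValueError("node must be 1-1023 (10 bits)")
    value = (area << 10) | node             # 6 bits of area, 10 bits of node
    mac = DEC_PREFIX + value.to_bytes(2, "little")  # low byte first = byte swap
    return "-".join(f"{byte:02X}" for byte in mac)


def mac_to_decnet(mac: str):
    """Return the area.node address encoded in a MAC, or None if not DECnet."""
    try:
        raw = bytes.fromhex(re.sub(r"[-:.]", "", mac))
    except ValueError:
        return None
    if len(raw) != 6 or raw[:4] != DEC_PREFIX:
        return None
    value = int.from_bytes(raw[4:], "little")
    area, node = value >> 10, value & 0x3FF
    if area == 0 or node == 0:
        return None
    return f"{area}.{node}"


def find_decnet_nodes(macs):
    """Map each MAC that carries a DECnet address to that address."""
    found = {}
    for mac in macs:
        address = mac_to_decnet(mac)
        if address is not None:
            found[mac] = address
    return found


# Constructed sample of a MAC address table in mixed notations.
SAMPLE_MACS = ["aa00.0400.0e14", "00:00:0c:12:34:56", "AA-00-04-00-02-20"]

if __name__ == "__main__":
    print(decnet_to_mac("5.14"))
    print(find_decnet_nodes(SAMPLE_MACS))
```

Because DECnet rewrites the MAC address on every interface of a node, the same area.node value appearing behind two different switch ports is worth investigating as a duplicate or misconfigured address.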


When a host boots, it advertises its presence. During normal operation, host reachabil¬ 
ity is advertised to local routers every 15 seconds. 

End nodes (nonrouting hosts) have no knowledge of the network after they boot up. 
Only the designated router is known through its periodic announcements. 
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d '”” d ,0r " 0d ' S “** »«' ». b. *«eJ l . 

Routers Pass Information 

Periodic updates are sent by each router, as shown in Figure B-5

cost information to all reachable nodes within each router’s area. Each interface has an

outgoing cost associated with it. Routing decisions are based on total path cost.





Designated Routers 

ork. Periodic announcements are sent by each node to advertise its reachability.
The single DR is always known to end nodes because of periodic DR

Figure B-6 The DR is known through its announcements.


Level 1 and Level 2 Routing 

Routers that forward traffic within their own area are referred to as Level 1 routers.
These routers have complete knowledge of all nodes within that area. These routers are 
referred to as routing-iv (a reference to Phase IV DECnet). 

Routers that communicate between areas have knowledge of all nodes in their area and 
of the nodes that provide entry into other areas. These Level 2 routers are configured 
as area routers (as shown in Figure B-7). 


DECnet Configuration Commands 

In this section, you learn about the global DECnet configuration parameters and the 
configuration commands you need to configure DECnet. This section also includes an 
example DECnet configuration. 

DECnet Configuration Tasks 

The activation of DECnet as a routing protocol requires setting global and interface 
parameters. 


The global tasks are as follows: 

• Start the DECnet routing process and assign a node address. 

• Designate the router as a Level 1 or 2. 


Figure B-7: Level 1 routing routes inside your area; Level 2 routing routes between areas.

Figure B-8: A DECnet network that is fully configured.
DECnet Configuration Commands

The following configuration commands are needed when routing with DECnet: 

• The decnet routing command starts the routing process and assigns an 
area.node address to the entire router. 

• The decnet node-type command establishes the routing characteristics of a 
router. Routers are referred to as Level 1 routers if they perform the intra-area 
routing task. 

Level 1 routing is specified by routing-iv, the default. 

Level 2 routing or interarea routing is specified by area. 

• The decnet cost command enables DECnet on this interface and assigns a cost 
(from 1 to 63) to the interface. There are no default costs. A cost must be 
assigned to each interface. Suggested costs are 1 for FDDI interfaces, 4 for 
Ethernet interfaces, and a minimum of 10 for serial links. 

The cost assigned should be proportional to the speed of the media; the higher 
the bandwidth, the lower the cost associated with its use. 

Refer to your Cisco documentation or go to www.cisco.com for more information on 
these commands. 

DECnet Configuration Example 

Figure B-9 shows an example of a DECnet configuration. 






Figure B-9: DECnet configuration example.




decnet routing 5.6 
decnet node-type area 
interface ethernet 0 
decnet cost 5 

interface serial 0 
decnet cost 15 



Details of the configuration in Figure B-9 are: 

Command                  Description

decnet routing 5.6       Enables DECnet routing
decnet node-type area    Defines the router as a Level 2 interarea node
decnet cost 15           Assigns an outgoing cost of 15 to the interface serial 0

The router is assigned an address of 5.6 with responsibility for routing to
other areas. Interface costs are assigned. There are no defaults.

Configuring DECnet Access Lists 

To configure standard and extended access lists for DECnet, the access list number the
administrator chooses must be within the range of 300-399. The source address can be
an entire area or an area.node.

The mask is compared bit for bit with the DECnet area.node address. A zero in the mask
means the corresponding bit in the DECnet address will be checked; a one in the mask
means the corresponding bit position in the DECnet address is ignored.

However, because the DECnet addressing uses decimal numbers, wildcard masking differs
from masking used with IP addresses. For example, to mask all bits in a DECnet
area address, express the “all-ones” mask as 1023 (1111111111).

If the traffic to control has its destination on another DECnet area, it must cross a Level
2 router. An access list specifying only the source address must be placed near the
destination. Depending on the specific controls and masking required, this may be at the
appropriate Level 2 interface.


DECnet Access List Commands 


The access-list command is used to make an entry in a traffic filter list. 

The decnet access-group command is used to link an access list to the selected interface. 


Controlling DECnet Example 

Figure B-10 shows an example of DECnet traffic control. 


Figure B-10: Controlling DECnet example.


access-list 301 permit 1.0 0.1023 0.0 63.1023
access-list 301 permit 3.0 0.1023 0.0 63.1023


interface ethernet 0 
decnet access-group 301 
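
The address folding from Figure B-4 and the wildcard matching of access list 301, worked through as an added example (not code from the book). The function names are constructed; the AA-00-04-00 header value and the first-match, implicit-deny evaluation are assumptions taken from standard DECnet Phase IV and Cisco access-list behavior, and the masks are read as 0.1023.

```python
"""DECnet Phase IV: address-to-MAC folding and access-list 301 matching.
Added illustration; helper names and test addresses are constructed."""

DEC_MAC_PREFIX = bytes.fromhex("aa000400")  # standardized DEC MAC address header


def parse_pair(text):
    """Parse decimal 'area.node' notation (addresses and masks) into two ints."""
    area_s, node_s = text.split(".")
    area, node = int(area_s), int(node_s)
    if not (0 <= area <= 63 and 0 <= node <= 1023):  # 6-bit area, 10-bit node
        raise ValueError(f"{text!r} does not fit the 6-bit.10-bit layout")
    return area, node


def decnet_mac(address):
    """Fold an area.node address into the software-supplied MAC address."""
    area, node = parse_pair(address)
    if area == 0 or node == 0:
        raise ValueError("a node address needs a non-zero area and node")
    word = (area << 10) | node                   # 16-bit DECnet address
    swapped = bytes([word & 0xFF, word >> 8])    # low byte first: the byte swap
    return "-".join(f"{b:02X}" for b in DEC_MAC_PREFIX + swapped)


def mac_to_decnet(mac):
    """Recover area.node from a MAC seen in a MAC table, or None if not DECnet."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", "").replace(".", ""))
    if len(raw) != 6 or raw[:4] != DEC_MAC_PREFIX:
        return None
    word = raw[4] | (raw[5] << 8)
    return f"{word >> 10}.{word & 0x3FF}"


def covered(address, base, mask):
    """Wildcard compare: a 1 bit in the mask means that address bit is ignored."""
    fields = zip(parse_pair(address), parse_pair(base), parse_pair(mask))
    return all((value & ~wild) == (want & ~wild) for value, want, wild in fields)


# access-list 301 as (action, source, source mask, destination, destination mask)
ACL_301 = [
    ("permit", "1.0", "0.1023", "0.0", "63.1023"),
    ("permit", "3.0", "0.1023", "0.0", "63.1023"),
]


def evaluate(acl, source, destination):
    """First matching entry wins; unmatched traffic is denied (implicit deny)."""
    for action, s_base, s_mask, d_base, d_mask in acl:
        if covered(source, s_base, s_mask) and covered(destination, d_base, d_mask):
            return action
    return "deny"


if __name__ == "__main__":
    print("router 5.6 uses MAC", decnet_mac("5.6"))
    for src in ("1.17", "3.1000", "2.5"):  # constructed source addresses
        print(src, "->", evaluate(ACL_301, src, "5.6"))
```

Because the MAC address is derived from the DECnet address, `mac_to_decnet` lets you read the area and node of a host straight from a switch or router MAC table.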

Monitoring DECnet 

The following commands are used to monitor the progress of DECnet: 

• Use the show decnet interface command to display status about all DECnet
interfaces, including line status, timers, and access lists assigned.

• Use the show decnet route command to display the contents of the DECnet
routing table.

• Use the show decnet traffic command to show traffic that

• Use the debug decnet routing command to display routing update messages.

For more information on configuring DECnet, refer to the Cisco documentation CD or
go to www.cisco.com.






This appendix explains how to configure Banyan VINES routing on Cisco routers. First, 
this appendix contains a VINES overview, and then you’ll learn about the configuration 
and monitoring commands you’ll need to maintain VINES on Cisco routers. 


VINES Overview 

Banyan Virtual Integrated Network Service (VINES) is a proprietary protocol of Banyan 
Systems. The VINES protocol stack has seven layers, as does the OSI reference model. 
The VINES implementation differences (compared to OSI) occur at Layers 3 and 4, as 
shown in Figure C-l. 


Figure C-1: The VINES protocol stack compared to the OSI reference model.

Layer   OSI Reference Model   VINES Architecture
7       Application           Application
6       Presentation          Presentation
5       Session               Session
4       Transport             Interproc. Comm., Seq. Packet
3       Network               VINES IP









Layer 3 contains VINES Internet Protocol (VIP or VinesIP) as a connectionless datagram
delivery protocol. This protocol is similar to the IP in TCP/IP, and it can
interoperate in a TCP/IP environment.

Layer 4 transport protocols are the Interprocess Communications Protocol (IPC) and
the Sequenced Packet Protocol (SPP). These VINES-specific protocols provide a
connection-oriented mechanism; IPC also supports unreliable datagram service.

Routing Update Protocol (RTP) is the network-layer protocol responsible for propagating
routing updates. Routing decisions are based on a delay metric. The administrator
can assign the delay metric to each interface. If not defined statically, a delay metric
based on bandwidth is assigned to the interface. The delay metric is multiplied by 200
milliseconds to give a usable “time interval” format. Time interval values
from different interfaces can then be compared more easily.

VINES messages are generated at 90-second intervals: 

• Clients send hellos. 

• Servers send hellos and updates. 

• Routers send routing updates. 

Cisco also supports the Sequenced Routing Update Protocol (SRTP). This more recent
routing protocol uses an update-based scheme for routers and servers to communicate
changes. It is similar to the RIP routing process in its use of periodic routing
updates.

VINES addresses are 48 bits long: a 32-bit (4-byte) network number and a 16-bit subnet number.

Network Number 

The network number is a unique value assigned to each server; it is the first number of the
network:subnet number pairs shown in Figure C-2. Banyan servers have a hardware
key that provides their addresses.

Subnet Number 

The subnet number is equivalent to a host number. These values are in hexadecimal format
and are assigned by function: 1 is used for a server; 8001-FFFF is used for clients.

Client numbers are usually assigned incrementally beginning at 8001. 
(Figure C-2 labels: server 1:1 with client 1:8001; server 3:1 with client 3:8001.)


Cisco VINES Network Number 

Cisco’s assigned network address block is hexadecimal 300. The Cisco addresses are 
created from the lower 21 bits of the Ethernet or Token Ring interface Media Access 
Control (MAC) address. These bits are placed behind a block address of 300. The 
resulting value is used by the router as its network number. 


For example, consider the Ethernet address 0000.0c01.58b4. The Cisco router uses the
last 21 bits of the Ethernet address (0158b4) and places the Cisco block address 300 in
front. The Cisco router takes the Banyan server number of 300158b4:1. The server subnet
value of 1 is assigned to routers.
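
The derivation above, as an added example rather than code from the book: it computes the router's network number from a MAC address, classifies network:subnet pairs by the subnet ranges given earlier, and shows that two interfaces whose MAC addresses differ only above the lower 21 bits map to the same network number. Function names and the second and third MAC addresses are constructed.

```python
"""Banyan VINES addressing as described in this appendix.
Added illustration; function names and extra MAC addresses are constructed."""

CISCO_BLOCK = 0x30000000     # Cisco's assigned block, written "300" in the text
MAC_BITS_MASK = 0x001FFFFF   # lower 21 bits of the interface MAC address


def cisco_network_number(mac):
    """Derive a router's VINES network number from an Ethernet/Token Ring MAC."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return CISCO_BLOCK | (int(digits, 16) & MAC_BITS_MASK)


def router_address(mac):
    """Routers take the server subnet value of 1."""
    return f"{cisco_network_number(mac):08x}:1"


def describe(address):
    """Classify a hexadecimal network:subnet pair."""
    net_s, sub_s = address.split(":")
    network, subnet = int(net_s, 16), int(sub_s, 16)
    if not (0 < network <= 0xFFFFFFFF and 0 < subnet <= 0xFFFF):
        raise ValueError(f"not a 32-bit:16-bit VINES address: {address!r}")
    if subnet == 1:
        role = "server or router"
    elif 0x8001 <= subnet <= 0xFFFF:
        role = "client"
    else:
        role = "other"
    in_block = CISCO_BLOCK <= network <= (CISCO_BLOCK | MAC_BITS_MASK)
    return {"network": network, "subnet": subnet, "role": role, "cisco_block": in_block}


def collisions(macs):
    """Group MAC addresses that would produce the same network number."""
    groups = {}
    for mac in macs:
        groups.setdefault(f"{cisco_network_number(mac):08x}", []).append(mac)
    return {net: owners for net, owners in groups.items() if len(owners) > 1}


if __name__ == "__main__":
    print(router_address("0000.0c01.58b4"))
    # A client whose network number lies in Cisco's block got its address
    # from a router answering VINES ARP, not from a Banyan server.
    print(describe("30011722:8001"))
    print(collisions(["0000.0c01.58b4", "0000.0c21.58b4", "0000.0c01.5570"]))
```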


Host Address Assignment 

A VINES client has no address on startup. A broadcast message, using the VINES 
Address Resolution Protocol (ARP), is sent to notify servers that a new client requires 
address assignment, as shown in Figure C-3. 

The first server to respond to the request assigns the client address based on that server’s 
network number and the next available subnet number. 


Hello Messages 

Clients send hellos at 90-second intervals. Servers send hello and update messages at 90- 
second intervals. Cisco routers send update messages at 90-second intervals. Routing 
information is included in the periodic updates. 


Figure C-2: VINES addressing uses a network:subnet pair for both servers and clients.
Figure C-3: A new client broadcasts an ARP request to get an address. (The client asks
“Any servers out there?”; server 1:1 is shown, and the reply is “Your network address is 3:8001.”)

" - me vuNtb routing process. 

segments where there is no VINES server , 1 ,.. 
Propagates client service 


VINES Configuration Commands 

The vines routing command starts the VINES routing process. Cisco maps to a reserved
server network address based on a block of addresses assigned by Banyan. The address
created contains 21 bits from the MAC address of an Ethernet or Token Ring interface.

Use the optional recompute keyword to force random address selection.
The vines metric command turns on VINES processing in this interface. This configuration
statement is required for each interface.

If no metric is specified, the Cisco router uses a default metric based on the bandwidth 
of the link, as follows: 


Interface Type 

Ethernet 

16-Mb Token Ring 
4-Mb Token Ring 
56-Kb Serial 
9600 Serial 


Delay Metric Value 


The vines arp-enable command allows the router to assign client addresses. The 
optional keyword dynamic should be used on segments that have no VINES server 
present. If no option is specified, the router responds to all ARP requests, even if a 
VINES server is present on this network. 

The vines serverless command allows the propagation of certain broadcast packets by 
the router. These broadcast packets are forwarded to the nearest server. The use of the 
vines serverless command is limited to segments that do not have servers. 

In Figure C-4, two Cisco routers are being configured to route VINES communications 
across a serial link. 



Figure C-4: A VINES configuration example, in which two Cisco routers are being
configured to route VINES communications across a serial link. (Figure labels: Cisco
30015570:1; Token Ring; Client 30011722:8001; Cisco 30011722:1.)

vines routing

interface ethernet 0
vines metric
vines arp-enable
vines serverless

interface serial 0
vines metric
The vines arp-enable command enables the router to respond to VINES ARP
requests. ARP requests are issued when the client requires address assignment
at startup.

The vines serverless command enables the router to forward service broadcasts
to the nearest VINES server.

With these commands, the router responds to address assignment requests and
forwards broadcast service requests that arrive on interface Ethernet 0.

VINES Access Lists 

Unlike other networking protocols the VINES

A colon separates the VINES network and subnetwork numbers.

The minimal form of VINES access list

For this filter, enter a source VINES address only. The router permits or denies
all VINES packets using this type of access list.

VINES source and destination address arguments for access list statements point to the
network. The administrator uses these to control packet traffic between systems.

Once the administrator applies a VINES access list to a router interface, the router
interface will permit or deny outgoing traffic matching the access list statements. Packets
generated by the router itself are not subject to the access list controls.

The vines access-list command is used to create an entry in the traffic filter list. This list
defines traffic that is “interesting” and should be either permitted or denied for
forwarding. Refer to the Cisco documentation or www.cisco.com for more information on
the vines access-list command.

Monitoring VINES Operation 

The following commands are used to monitor the operation of VINES: 

• Use the show vines interface command to display the status of the interface. 
The status information includes addresses, update timers, and presence of 
access lists. 

• Use the show vines route command to display the contents of the VINES 
routing table, including known areas. 

• Use the show vines neighbor command to display the contents of the neighbor 
table. This table contains host names, MAC addresses, encapsulation type, and 
interface port information. 

• Use the debug vines routing command to display the contents of the periodic 
routing updates, including the incoming interface and cost to each network. 

For more information on monitoring VINES operation, refer to the Cisco documentation
or go to www.cisco.com.
Autoinstalling Configuration Data


The AutoInstall procedure allows a network administrator to configure a router
remotely over the network. This configuration is most useful for establishing new routers
in remote locations where branch office staff members have limited networking
knowledge and skills.

The new router must be connected to an existing router on either a WAN or LAN link,
as shown in Figure D-1. Both existing and new routers must be running Cisco IOS
Release 9.1 or later for encapsulations other than Frame Relay. For Frame Relay
encapsulation, both routers must be running Cisco IOS Release 10.3 or later.


Figure D-1: AutoInstall enables you to configure a new router automatically and remotely.
The figure shows a new router, an existing router (SLARP, IP address), and these servers:

• BOOTP server: provides IP address; uses helper-address to TFTP server

• TFTP server: provides host name and startup-config file

• DNS server (if needed): provides address-to-host name translation
This server provides a host name for the address presented by the new router. If this IP
address-to-host name translation does not occur on the TFTP server, the new router
uses a Domain Name System (DNS) server. The new router configuration is downloaded
from a reachable TFTP server to the new router.

The AutoInstall procedure has several steps, as shown in Figure D-2.


Figure D-2: The new router acquires its IP address, host name, and configuration. The
exchange shown between the new router, the existing router, and the TFTP server is:

• SLARP request

• TFTP request to resolve host name

• TFTP reply with network-confg

• TFTP request for hostname-confg

• TFTP reply downloads config file
These AutoInstall steps are outlined as follows:

1. First, the new router sends a Serial Line Reverse Address Resolution Protocol
(SLARP) request packet over the serial line. The existing router will reply with
its IP address. If the address is the first host of the subnet, for example
xx.xx.xx.1 in a class B network with subnet mask 255.255.255.0, the new
router will automatically be assigned the second subnet host address for its
own serial interface, for example, xx.xx.xx.2.

2. Once it has obtained an IP address, the new router requests a translation by
the TFTP server to resolve this IP address into a host name. The response to
this request comes in the form of a network-confg file containing the host
name for the new router.

3. The new router uses its newly acquired host name to request the hostname-confg
file that contains its specific configuration entries. The TFTP server
downloads this file to the new router.

4. The AutoInstall process also includes several fallback requests to use if a common
scenario fails to provide the proper response to the new router’s requests.

If the host name request to the TFTP server fails to provide the new router with
a host name, it will fall back to another request procedure. This sends a request
to the DNS server to obtain IP address-to-host name translation. Figure
D-3 illustrates the fallback process.

Figure D-3: If host name resolution from TFTP network-confg fails, the new router sends
a request to the DNS server.
Decimal to Hexadecimal and Binary Conversion Table


Decimal Value   Hexadecimal Value   Binary Value
0               00                  0000 0000
1               01                  0000 0001
2               02                  0000 0010
3               03                  0000 0011
4               04                  0000 0100
5               05                  0000 0101
6               06                  0000 0110
7               07                  0000 0111
8               08                  0000 1000
9               09                  0000 1001
10              0A                  0000 1010
11              0B                  0000 1011
12              0C                  0000 1100
13              0D                  0000 1101
14              0E                  0000 1110
15              0F                  0000 1111
16              10                  0001 0000
17              11                  0001 0001
18              12                  0001 0010
19              13                  0001 0011
20              14                  0001 0100
21              15                  0001 0101
22              16                  0001 0110
23              17                  0001 0111
24              18                  0001 1000
25              19                  0001 1001
26              1A                  0001 1010
27              1B                  0001 1011
28              1C                  0001 1100
29              1D                  0001 1101
30              1E                  0001 1110
31              1F                  0001 1111
32              20                  0010 0000
33              21                  0010 0001
34              22                  0010 0010
35              23                  0010 0011
36              24                  0010 0100
37              25                  0010 0101
38              26                  0010 0110
39              27                  0010 0111
40              28                  0010 1000
41              29                  0010 1001
42              2A                  0010 1010
43              2B                  0010 1011
44              2C                  0010 1100
45              2D                  0010 1101
46              2E                  0010 1110
47              2F                  0010 1111
48              30                  0011 0000
49              31                  0011 0001
50              32                  0011 0010
51              33                  0011 0011
52              34                  0011 0100
53              35                  0011 0101
54              36                  0011 0110
55              37                  0011 0111
56              38                  0011 1000
57              39                  0011 1001
58              3A                  0011 1010
59              3B                  0011 1011
60              3C                  0011 1100
61              3D                  0011 1101
Decimal Value   Hexadecimal Value   Binary Value
142             8E                  1000 1110
143             8F                  1000 1111
144             90                  1001 0000
145             91                  1001 0001
146             92                  1001 0010
147             93                  1001 0011
148             94                  1001 0100
149             95                  1001 0101
150             96                  1001 0110
151             97                  1001 0111
152             98                  1001 1000
153             99                  1001 1001
154             9A                  1001 1010
155             9B                  1001 1011
156             9C                  1001 1100
157             9D                  1001 1101
158             9E                  1001 1110
159             9F                  1001 1111
160             A0                  1010 0000
161             A1                  1010 0001
162             A2                  1010 0010
163             A3                  1010 0011
164             A4                  1010 0100
165             A5                  1010 0101
166             A6                  1010 0110
167             A7                  1010 0111
168             A8                  1010 1000
169             A9                  1010 1001
170             AA                  1010 1010
171             AB                  1010 1011
172             AC                  1010 1100
173             AD                  1010 1101
174             AE                  1010 1110
175             AF                  1010 1111
176             B0                  1011 0000
177             B1                  1011 0001
178             B2                  1011 0010
179             B3                  1011 0011
180             B4                  1011 0100
181             B5                  1011 0101
Decimal Value   Hexadecimal Value   Binary Value
222             DE                  1101 1110
223             DF                  1101 1111
224             E0                  1110 0000
225             E1                  1110 0001
226             E2                  1110 0010
227             E3                  1110 0011
228             E4                  1110 0100
229             E5                  1110 0101
230             E6                  1110 0110
231             E7                  1110 0111
232             E8                  1110 1000
233             E9                  1110 1001
234             EA                  1110 1010
235             EB                  1110 1011
236             EC                  1110 1100
237             ED                  1110 1101
238             EE                  1110 1110
239             EF                  1110 1111
240             F0                  1111 0000
241             F1                  1111 0001
242             F2                  1111 0010
243             F3                  1111 0011
244             F4                  1111 0100
245             F5                  1111 0101
246             F6                  1111 0110
247             F7                  1111 0111
248             F8                  1111 1000
249             F9                  1111 1001
250             FA                  1111 1010
251             FB                  1111 1011
252             FC                  1111 1100
253             FD                  1111 1101
254             FE                  1111 1110
255             FF                  1111 1111







Password Recovery 


This appendix explains several password recovery techniques for Cisco routers and
Catalyst switches. You can perform password recovery on most of the platforms without
changing hardware jumpers, but all platforms require the router to be reloaded.
Password recovery can be done only from the console port physically attached to the
router.

There are three ways to restore access to a router when the password is lost. You can
view the password, change the password, or erase the configuration and start over as if
the box were new.

Each procedure follows these basic steps: 

1. Configure the router to boot up without reading the configuration memory
(NVRAM). This is sometimes called the “test system mode.”

2. Reboot the system.

3. Access enable mode (which can be done without a password if you are in
test system mode).

4. View or change the password, or erase the configuration. 

5. Reconfigure the router to boot up and read the NVRAM as it normally does. 

6. Reboot the system. 
Some password recovery requires a terminal to issue a BREAK signal; you must be familiar
with how your terminal or PC terminal emulator issues this signal. For example, in
ProComm, the keys Alt-B will by default generate the BREAK signal, and in Windows Terminal
you press Break or Ctrl-Break. Windows Terminal also allows you to define a function key as
BREAK. From the terminal window, select Function Keys and define one as BREAK by filling
in the characters ^$B (Shift 6, Shift 4, and capital B).


The following sections contain detailed instructions for specific Cisco routers and
Catalyst switches. Locate your product at the beginning of each section to determine which
technique to use.

Technique #1 

Relevant devices are: all Cisco AGS, Cisco 2000 Series, Cisco 2500 Series, Cisco 3000
Series, 680x0-Based Cisco 4000 Series, Cisco 7000 Series Running Cisco IOS 10.0 or
Later in ROMs, IGS Series Running Cisco IOS 9.1 or Later in ROMs.

This technique can be used on the Cisco 7000 and Cisco 7010 only if the router has 
Cisco IOS 10.0 ROMs installed on the RP card. It may be booting Flash Cisco IOS 10.0 
software, but it needs the actual ROMs on the processor card as well. 

1. Attach a terminal or PC with terminal emulation to the console port of the 
router. 

2. Type show version and record the setting of the configuration register. It is 
usually 0x2102 or 0x102. 

3. Power the router down, and then up. 

4. Press the Break key on the terminal within 60 seconds of the power up. You 
will see the > prompt with no router name. If you don’t, the terminal is not 
sending the correct Break signal. In that case, check the terminal or terminal 
emulation setup. 

5. Type o/r 0x42 at the > prompt to boot from Flash or o/r 0x41 to boot from
the boot ROMs. (Note that this is the letter “o,” not the numeral zero.) If
you have Flash and it is intact, 0x42 is the best setting. Use 0x41 only if the
Flash is erased or not installed.

If you use 0x41, you can only view or erase the configuration. You cannot change the
password.


6. Type i at the > prompt. The router will reboot but will ignore its saved
configuration.

7. Answer no to all the setup questions. 

8. Type enable at the Router> prompt. You’ll be in enable mode and see the 
Router# prompt. 

9. Choose one of these three options: 

• To view the password, type show config. 

• To change the password (in case it is encrypted, for example), do the 
following: 

a. Type config mem to copy the NVRAM into memory. 

b. Type wr term. 

If you have enable secret xxxx, then: 

Type config term and make the changes. 

Type enable secret <password>. 

Press Ctrl-Z. 

If you do not, then: 

Type enable password <password>. 

Press Ctrl-Z. 

c. Type write mem to commit the changes. 

• To erase the config, type write erase. 

10. Type config term at the prompt. 

11. Type config-register 0x2102, or whatever value you recorded in step 2. 

12. Press Ctrl-Z to quit from the editor. 

13. Type reload at the prompt. You do not need to write memory. 
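
Steps 2, 5 and 11 all turn on the configuration register, so the added example below (not part of the book) decodes the values used in this technique and checks a device's `show version` register line against the value recorded in step 2. The bit meanings (boot field in the low four bits, bit 6 to ignore NVRAM, bit 8 to disable Break) are assumptions taken from Cisco's documented register layout, not from this appendix, and the sample output lines are constructed.

```python
"""Decode a Cisco configuration register and audit it after password recovery.
Added illustration; bit meanings are assumed from Cisco's register layout and
the show version lines below are constructed samples."""
import re

BOOT_FIELD = 0x000F      # low four bits select what is booted
IGNORE_NVRAM = 0x0040    # bit 6: boot without reading the saved configuration
BREAK_DISABLED = 0x0100  # bit 8: Break is ignored once the system is running
NORMAL_BOOT = "Flash or boot system commands"

REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode(value):
    """Break a register value into the fields this procedure relies on."""
    field = value & BOOT_FIELD
    if field == 0:
        source = "ROM monitor"
    elif field == 1:
        source = "boot ROMs"
    else:
        source = NORMAL_BOOT
    return {
        "boot_source": source,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }


def audit(show_version_text, recorded):
    """Return findings for a device; an empty list means the register is restored."""
    match = REGISTER_LINE.search(show_version_text)
    if match is None:
        return ["no configuration register line found"]
    running = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else running
    states = {"running": running}
    if pending != running:
        states["next reload"] = pending
    findings = []
    for label, value in states.items():
        state = decode(value)
        if state["ignore_nvram"]:
            findings.append(f"{label} 0x{value:x}: saved configuration is ignored, "
                            "so its passwords are not enforced")
        if state["boot_source"] != NORMAL_BOOT:
            findings.append(f"{label} 0x{value:x}: boots from {state['boot_source']}")
    if pending != recorded:
        findings.append(f"next reload 0x{pending:x} differs from recorded 0x{recorded:x}")
    return findings


if __name__ == "__main__":
    samples = [  # constructed show version lines
        "Configuration register is 0x2102",
        "Configuration register is 0x42 (will be 0x2102 at next reload)",
        "Configuration register is 0x41",
    ]
    for line in samples:
        print(line, "->", audit(line, recorded=0x2102) or "ok")
```

A device that still reports 0x42 or 0x41 after the procedure was never returned to its recorded value, which means anyone at the console reaches enable mode without a password on the next boot.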
Technique #2

Relevant devices are: Cisco 1003, Cisco 4500, IDT Orion-Based Cisco 3600, or Motorola 
860-Based Cisco 2600. 

1. Attach a terminal or PC with terminal emulation to the console port of the 
router. 

2. Type show version and record the setting of the configuration register. It is 
usually 0x2102 or 0x102. 

3. Power the router down, and then up. 

4. Press the Break key on the terminal within 60 seconds of the power up. 

You will see the rommon> prompt. If you don’t, the terminal is not sending
the correct Break signal. In that case, check the terminal or terminal emulation
setup.

5. Type confreg at the rommon> prompt.

6. Answer y to the “Do you wish to change configuration[y/n]?” prompt.

7. Answer n to all the questions that appear until you reach the “ignore system
config info[y/n]?” prompt. Answer y.

8. Answer n to the remaining questions until you reach the “change boot
characteristics[y/n]?” prompt. Answer y.

9. At the enter to boot: prompt, type 2 followed by a carriage return. 

If Flash is erased, type 1. If all Flash is erased, the 4500 must be returned to 
Cisco for service. 

CAUTION- 

If you use "1," you can only view or erase the configuration. You cannot change the 
password. 


10. A configuration summary is printed. Answer no to the “Do you wish to 
change configuration[y/n]?” prompt. 

11. Type reset at the rommon> prompt, or power-cycle your 4500 or 7500. 

12. Once it boots up, answer no to all the Setup questions. 

13. Type enable at the Router> prompt. You’ll be in enable mode and see the 
Router# prompt. 




14. Choose one of these three options: 

• To view the password, type show config. 

• To change the password (in case it is encrypted, for example): 

a. Type config mem to copy the NVRAM into memory. 

b. Type wr term. 

If you have enable secret xxxx, then: 

Type config term and make the changes. 

Type enable secret <password>. 

Press Ctrl-Z. 

If you do not, then: 

Type enable password <password>.

Press Ctrl-Z. 

c. Type write mem to commit the changes. 

• To erase the config, type write erase. 

15. Type config term at the prompt. 

16. Type config-register 0x2102 or whatever value you recorded in step 2. 

17. Press Ctrl-Z to quit from the editor. 

18. Type reload at the prompt. You do not need to write memory. 

Password recovery procedures for Cisco Catalyst switches and older Cisco routers and 
communication servers can be found at www.cisco.com/warp/customer/701/22.htm. 









Frame Relay Examples and Configurations


This appendix includes AppleTalk and IPX Frame Relay configuration examples, and a 
Frame Relay switching example. 


AppleTalk over Frame Relay Example 

In the example shown in Figure G—1, the two routers communicate with each other 
using AppleTalk over the Frame Relay network. 

On router A, the following commands configure AppleTalk over Frame Relay: 

Command                                        Description

encapsulation frame-relay                      Enables Frame Relay
appletalk cable-range 18-18 18.47              Enables an extended AppleTalk network and sets
                                               the cable range and node address
appletalk zone eng                             Configures the zone name for the connected
                                               AppleTalk network
frame-relay map appletalk 18.65 23 broadcast   Maps the remote 18.65 AppleTalk address to
                                               DLCI number 23
Figure G-1: Using AppleTalk over the Frame Relay network. Router A (18.47) reaches the
Frame Relay network on DLCI 23; router B (18.65) reaches it on DLCI 101.

Router A:

interface s 0
ip address 172.21.48.24 255.255.255.0
encapsulation frame-relay
appletalk cable-range 18-18 18.47
appletalk zone eng
frame-relay map appletalk 18.65 23 broadcast

Router B:

interface s 2/3
ip address 172.21.48.31 255.255.255.0
encapsulation frame-relay
appletalk cable-range 18-18 18.65
appletalk zone eng
frame-relay map appletalk 18.47 101 broadcast


On router B, the following commands are used: 


Command                                         Description

encapsulation frame-relay                       Enables Frame Relay
appletalk cable-range 18-18 18.65               Enables an extended AppleTalk network and sets
                                                the cable range and node address
appletalk zone eng                              Configures the zone name for the connected
                                                AppleTalk network
frame-relay map appletalk 18.47 101 broadcast   Maps the remote 18.47 AppleTalk address to
                                                DLCI number 101


In the example shown in Figure G—1, Frame Relay is configured on the main interface. 

Configuring IPX over Frame Relay Example 

In the example shown in Figure G-2, router A has two IPX networks corresponding to
Frame Relay subinterfaces. Router B has a single statically mapped Frame Relay-based
IPX network.



Frame Relay Examples and Configurations 


Appendix G 


On router A, the following commands are used to configure IPX over Frame Relay: 


Command                          Description

interface s 0                    Defines the interface
encapsulation frame-relay        Enables Frame Relay
interface s 0.1 point-to-point   Configures subinterface S0.1 as a point-to-point
                                 interface
ipx network 1                    Configures IPX network 1 on the S0.1 subinterface
frame-relay interface-dlci 23    Configures network 1 using DLCI 23
interface s 0.2 point-to-point   Configures subinterface S0.2 as a point-to-point
                                 interface
ipx network 2                    Configures network 2 on subinterface S0.2
frame-relay interface-dlci 27    Configures Inverse ARP on network 2 using DLCI 27


Frame Relay Network 


Figure G-2: Router A connects to routers B and C through a Frame Relay cloud.


ipx routing 0000.0c07.85c2 


interface s 0 

encapsulation frame-relay 


ipx routing 0000.0c07.5f4f 


interface s 0 

encapsulation frame-relay 


interface s 0.1 point-to-point 
ipx network 1 

frame-relay interface-dlci 132 


interface s 0.1 point-to-point
ipx network 1

frame-relay interface-dlci 23 
interface s 0.2 point-to-point 
ipx network 2 

frame-relay interface-dlci 27 
On router B, the following commands are used:

Command                          Description

frame-relay interface-dlci 132   Configures network 1 using DLCI 132

Frame Relay Switching Example 

between interfa^S t0 switc j F ™me Relay frames 

as slmwn^'^^tcf^^r^n o'”Figure l G-!3. COn ^ gUre ^ (switch)* 

Figure G-3: Switching can be configured for local or remote operations.


Remote 

Switching IP Network 



Remote Frame Relay switching enahlec t-L.. 

,P data grams and tunnel them across a^^k£ n r CaP *l! ,,ate Rday frames 

of Figure G-3. The Cisco generic routine en -an I fi Sh ° Wn ,n the lower Portion 
-remote Frame Relay switching. The router' isVs^ 

ti0n m RgUre ^ » d^ne Frame Relay switching for an IP 


Local 

Switching 


Frame Relay Network 
Figure G-4: A remote Frame Relay switch configuration.


source identifier. The traffic will be carried through the IP network using a GRE tunnel 
having a next-hop destination of 172.16.100.1. The tunnel uses the same DLCI number. 

On the left side of Figure G-4, the parameters of the frame-relay route command have 
the following meanings: 

• 167—The DLCI of the arriving (source) traffic to be switched 

• tu0—The outgoing interface to use

• 43—The outgoing DLCI to be used when forwarding the traffic 

The other critical commands are as follows:

Command                           Description
frame-relay intf-type dce         [...]
tunnel source serial 1            [...] serial 1 as the entry into the tunnel.
tunnel destination 172.16.13.2    [...] IP [...] 172.16.13.2 as tunnel destination.
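
The commands described above, assembled into one configuration for a single tunnel endpoint. This is an added example, not a reproduction of the book's Figure G-4. Assumptions: all of these commands sit on the same router, serial 0 is the Frame Relay-facing interface, the global `frame-relay switching` command is included because IOS requires it for `frame-relay route`, and the serial 1 address is a placeholder.

```cisco
! Added example, constructed from the commands discussed in the text.
! Enable Frame Relay switching globally (needed before any frame-relay route).
frame-relay switching
!
! Assumed: serial 0 faces the attached Frame Relay device.
interface serial 0
 no ip address
 encapsulation frame-relay
 frame-relay intf-type dce
 ! Frames arriving on DLCI 167 are switched out tunnel 0 (tu0) as DLCI 43.
 frame-relay route 167 interface tunnel 0 43
!
! serial 1 is the entry into the tunnel; its address is not given in the text.
interface serial 1
 ip address <SERIAL1-IP> <MASK>
!
! GRE is the default tunnel mode, so no tunnel mode command is needed.
interface tunnel 0
 tunnel source serial 1
 tunnel destination 172.16.13.2
```

GRE itself neither encrypts nor authenticates the tunnelled frames, so anything switched this way is only as protected as the IP path between the two tunnel endpoints.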


Glossary 


A 

AARP—AppleTalk Address Resolution Protocol. Protocol in the AppleTalk protocol
stack that maps a data-link address to a network address. 

AARP probe packets—Packets transmitted by AARP that determine if a randomly 
selected node ID is being used by another node in a nonextended AppleTalk network. 
If the node ID is not being used, the sending node uses that node ID. If the node ID is 
being used, the sending node chooses a different ID and sends more AARP probe 
packets. 

ABM—Asynchronous Balanced Mode. An HDLC (and derivative protocol) communication
mode supporting peer-oriented, point-to-point communications between two
stations, where either station can initiate transmission. 

access list—List kept by routers to control access through or to the router for a number 
of services (for example, to prevent packets with a certain IP address from leaving a
particular interface on the router).

access method—1. Generally, the way in which network devices access the network 
medium. 2. Software within an SNA processor that controls the flow of information 
through a network. 

ACK—See acknowledgment.

acknowledgment—Notification sent from one network device to another to acknowledge
that some event (for example, receipt of a message) occurred. Sometimes abbreviated
ACK. Compare to NAK.

active monitor—Device responsible for performing maintenance functions on a Token 
Ring. A network node is selected to be the active monitor if it has the highest MAC 
address on the ring. The active monitor is responsible for such ring maintenance tasks 
as ensuring that tokens are not lost and that frames do not circulate indefinitely. 

adapter—See NIC. 

address—Data structure or logical convention used to identify a unique entity, such as 
a particular process or network device. 

address mapping—Technique that allows different protocols to interoperate by translating
addresses from one format to another. For example, when routing IP over X.25,
the IP addresses must be mapped to the X.25 addresses so that the IP packets can be 
transmitted by the X.25 network. 

address mask—Bit combination used to describe which portion of an address refers to 
the network or subnet and which part refers to the host. Sometimes referred to simply 
as mask. 

address resolution—Generally, a method for resolving differences between computer 
addressing schemes. Address resolution usually specifies a method for mapping network 
layer (Layer 3) addresses to data link layer (Layer 2) addresses. 

Address Resolution Protocol—See ARP. 

adjacency—Relationship formed between selected neighboring routers and end nodes 
for the purpose of exchanging routing information. Adjacency is based on the use of a 
common media segment. 

Advanced Research Projects Agency—See ARPA. 

advertising—Router process in which routing or service updates are sent so that other 
routers on the network can maintain lists of usable routes. 

AEP—AppleTalk Echo Protocol. Used to test connectivity between two AppleTalk 
nodes. One node sends a packet to another node and receives a duplicate, or echo, of 
that packet. 

AFP—AppleTalk Filing Protocol. Presentation-layer protocol that allows users to share 
data files and application programs that reside on a file server. AFP supports AppleShare 
and Mac OS File Sharing. 





agent—1. Generally, software that processes queries and returns replies on behalf of an 
application. 2. In NMSs, process that resides in all managed devices and reports the values
of specified variables to management stations.

algorithm—Well-defined rule or process for arriving at a solution to a problem. In networking,
algorithms are commonly used to determine the best route for traffic from a
particular source to a particular destination. 

ANSI—American National Standards Institute. Voluntary organization composed of
corporate, government, and other members that coordinates standards-related activities,
approves U.S. national standards, and develops positions for the United States in
international standards organizations. ANSI helps develop international and U.S. standards
relating to, among other things, communications and networking. ANSI is a
member of the IEC and the ISO. 


AppleTalk—Series of communications protocols designed by Apple Computer consisting
of two phases. Phase 1, the earlier version, supports a single physical network that
can have only one network number and be in one zone. Phase 2 supports multiple logical
networks on a single physical network and allows networks to be in more than one
zone. See also zone. 

application—Program that performs a function directly for a user. FTP and Telnet clients
are examples of network applications.


application layer—Layer 7 of the OSI reference model. This layer provides services to
application processes (such as e-mail, file transfer, and terminal emulation) that are outside
the OSI model. The application layer identifies and establishes the availability of
intended communication partners (and the resources required to connect with them),
synchronizes cooperating applications, and establishes agreement on procedures for
error recovery and control of data integrity. Corresponds roughly with the transaction
services layer in the SNA model. See also data link layer, network layer, physical layer. 


area—Logical set of network segments (CLNS-, DECnet-, or OSPF-based) and their
attached devices. Areas are usually connected to other areas via routers, making up a
single autonomous system.

ARP—Address Resolution Protocol. Internet protocol used to map an IP address to a 
MAC address. Defined in RFC 826. Compare with RARP. 


ARPA—Advanced Research Projects Agency. Research and development organization
that is part of DoD. ARPA is responsible for numerous technological advances in communications
and networking. ARPA evolved into DARPA, and then back into ARPA
again (in 1994). 

ARPANET—Advanced Research Pro .

Asynchronous Transfer Mode—See ATM.

authentication—In security, the verification of the identity of a person or process.




B 

backbone—Part of a network that acts as the primary path for traffic that is most often 
sourced from, and destined for, other networks. 

bandwidth—Difference between the highest and lowest frequencies available for network
signals. The term is also used to describe the rated throughput capacity of a given
network medium or protocol. 

bandwidth reservation—Process of assigning bandwidth to users and applications 
served by a network. Involves assigning priority to different flows of traffic based on 
how critical and delay-sensitive they are. This makes the best use of available bandwidth,
and if the network becomes congested, lower-priority traffic can be dropped.
Sometimes called bandwidth allocation. 

Banyan VINES—See VINES. 

Basic Rate Interface—See BRI. 

B channel—bearer channel. In ISDN, a full-duplex, 64-kbps channel used to send user 
data. Compare to D channel, E channel, and H channel.

binary—Numbering system characterized by ones and zeros (1 = on; 0 = off).

BOOTP—Bootstrap Protocol. Protocol used by a network node to determine the IP 
address of its Ethernet interfaces to affect network booting. 

Bootstrap Protocol—See BOOTP. 

BRI—Basic Rate Interface. ISDN interface composed of two B channels and one D 
channel for circuit-switched communication of voice, video, and data. Compare with 
PRI. 

bridge—Device that connects and passes packets between two network segments that 
use the same communications protocol. Bridges operate at the data link layer (Layer 2) 
of the OSI reference model. In general, a bridge will filter, forward, or flood an incoming 
frame based on the MAC address of that frame. 

broadcast—Data packet that will be sent to all nodes on a network. Broadcasts are 
identified by a broadcast address. Compare with multicast and unicast. See also broadcast
address.

broadcast address—Special address reserved for sending a message to all stations. Generally,
a broadcast address is a MAC destination address of all ones. Compare with multicast
address and unicast address. See also broadcast.

circuit group—Grouping of associated serial lines that link two bridges. If one of the
serial links in a circuit group is in the spanning tree for a network, any of the serial links 
in the circuit group can be used for load balancing. This load-balancing strategy avoids 
data ordering problems by assigning each destination address to a particular serial link. 

client—Node or software program (front-end device) that requests services from a 
server. 

client/server computing—Term used to describe distributed computing (processing) 
network systems in which transaction responsibilities are divided into two parts: client 
(front end) and server (back end). Both terms (client and server) can be applied to software
programs or actual computing devices. Also called distributed computing (processing).
Compare with peer-to-peer computing.

client/server model—Common way to describe network services and the model user 
processes (programs) of those services. Examples include the nameserver/nameresolver 
paradigm of the DNS and fileserver/file-client relationships such as NFS and diskless 
hosts. 

CO—central office. Local telephone company office to which all local loops in a given 
area connect and in which circuit switching of subscriber lines occurs. 

coding—Electrical techniques used to convey binary signals. 

common carrier—Licensed, private utility company that supplies communication services
to the public at regulated prices.

congestion—Traffic in excess of network capacity. 

congestion avoidance—Mechanism by which an ATM network controls traffic entering 
the network to minimize delays. To use resources most efficiently, lower-priority traffic 
is discarded at the edge of the network if conditions indicate that it cannot be delivered. 

connectionless—Term used to describe data transfer without the existence of a virtual 
circuit. Compare with connection-oriented. See also virtual circuit. 

connection-oriented—Term used to describe data transfer that requires the establishment
of a virtual circuit. See also connectionless and virtual circuit.

console—DTE through which commands are entered into a host. 

convergence—Speed and ability of a group of internetworking devices running a specific
routing protocol to agree on the topology of an internetwork after a change in that
topology.

data-link control layer—Layer 2 in the SNA architectural model. Responsible for the
transmission of data over a particular physical link. Corresponds roughly to the data 
link layer of the OSI model. See also data flow control layer, path control layer, physical 
control layer, presentation services layer, transaction services layer, and transmission 
control layer. 

data link layer—Layer 2 of the OSI reference model. Provides transit of data across a 
physical link. The data link layer is concerned with physical addressing, network topology,
line discipline, error notification, ordered delivery of frames, and flow control. The
IEEE divided this layer into two sublayers: the MAC sublayer and the LLC sublayer. 
Sometimes simply called link layer. Roughly corresponds to the data-link control layer 
of the SNA model. 

DCE—1. data communications equipment (EIA expansion) 2. data circuit-terminating 
equipment (ITU-T expansion). Devices and connections of a communications network 
that comprise the network end of the user-to-network interface. The DCE provides a 
physical connection to the network, forwards traffic, and provides a clocking signal 
used to synchronize data transmission between DCE and DTE devices. Modems and 
interface cards are examples of DCE. Compare with DTE. 

D channel—1. delta channel. Full-duplex, 16-kbps (BRI) or 64-kbps (PRI) ISDN channel.
Compare with B channel, E channel, and H channel. 2. In SNA, a device that connects
a processor and main storage with peripherals.

DDP—Datagram Delivery Protocol. AppleTalk network layer protocol responsible for 
the socket-to-socket delivery of datagrams over an AppleTalk internetwork. 

DDR—dial-on-demand routing. Technique whereby a router can automatically initiate 
and close a circuit-switched session as transmitting stations demand. The router spoofs 
keepalives so that end stations treat the session as active. DDR permits routing over 
ISDN or telephone lines sometimes using an external ISDN terminal adaptor or 
modem. 

DECnet—Group of communications products (including a protocol suite) developed and 
supported by Digital Equipment Corporation. DECnet/OSI (also called DECnet Phase 
V) is the most recent iteration and supports both OSI protocols and proprietary Digital 
protocols. Phase IV Prime supports inherent MAC addresses that allow DECnet nodes to 
coexist with systems running other protocols that have MAC address restrictions. 

DECnet Routing Protocol (DRP)—Proprietary routing scheme introduced by Digital 
Equipment Corporation in DECnet Phase III. In DECnet Phase V, DECnet completed 
its transition to OSI routing protocols (ES-IS and IS-IS). 

default route—Routing table entry that is used to direct frames for which a next hop is 
not explicitly listed in the routing table. 

demarc—Demarcation point between carrier equipment and CPE.

demultiplexing—The separating of multiple input streams that have been multiplexed
into a common physical signal back into multiple output streams. See also multiplexing.

designated router—OSPF router that generates LSAs for a multiaccess network and has
other special responsibilities in running OSPF. Each multiaccess OSPF network that has
at least two attached routers has a designated router that is elected by the OSPF Hello
protocol. The designated router enables a reduction in the number of adjacencies required
on a multiaccess network, which in turn reduces the amount of routing protocol
traffic and the size of the topological database.

destination address—Address of a network device that is receiving data. See also source
address.

destination service access point—See DSAP.

DHCP—Dynamic Host Configuration Protocol. Provides a mechanism for allocating IP
addresses dynamically so that addresses can automatically be reused when hosts no
longer need them.

dial-on-demand routing—See DDR.

dial-up line—Communications circuit that is established by a switched-circuit connection
using the telephone company network.

distance vector routing algorithm—Class of routing algorithms that iterate on the number
of hops in a route to find a shortest-path spanning tree. Distance vector routing
algorithms call for each router to send its entire routing table in each update, but only
to its neighbors. Distance vector routing algorithms can be prone to routing loops, but
are computationally simpler than link state routing algorithms. Also called Bellman-Ford
routing algorithm. See also link state routing algorithm.

DNS—Domain Name System. System used in the Internet for translating names of network
nodes into addresses.

DoD—Department of Defense. U.S. government organization that is responsible for
national defense. The DoD has frequently funded communication protocol
development.

DSAP—destination service access point. SAP of the network node designated in the
Destination field of a packet. Compare with SSAP. See also SAP (service access point).






DTE—data terminal equipment. Device at the user end of a user-network interface that
serves as a data source, destination, or both. DTE connects to a data network through
a DCE device (for example, a modem) and typically uses clocking signals generated by
the DCE. DTE includes such devices as computers, routers, and multiplexers. Compare
with DCE.

dual attachment station—See DAS. 

dual counter-rotating rings—Network topology in which two signal paths, whose directions
are opposite each other, exist in a token-passing network. FDDI and CDDI are
based on this concept.

dual-homed station—Device attached to multiple FDDI concentrators to provide 
redundancy. 

dual homing—Network topology in which a device is connected to the network by way
of two independent access points (points of attachment). One access point is the primary
connection, and the other is a standby connection that is activated in the event of
a failure of the primary connection.

dynamic routing—Routing that adjusts automatically to network topology or traffic
changes. Also called adaptive routing. Requires that a routing protocol be run between
routers.


E 


E1—Wide-area digital transmission scheme used predominantly in Europe that carries
data at a rate of 2.048 Mbps. E1 lines can be leased for private use from common carriers.
Compare with T1.

E3—Wide-area digital transmission scheme used predominantly in Europe that carries
data at a rate of 34.368 Mbps. E3 lines can be leased for private use from common carriers.
Compare with T3.

E channel—echo channel. 64-kbps ISDN circuit-switching control channel. The E channel
was defined in the 1984 ITU-T ISDN specification, but was dropped in the 1988
specification. Compare with B channel, D channel, and H channel.

EEPROM—electrically erasable programmable read-only memory. EPROM that can
be erased using electrical signals applied to specific pins.

EIA—Electronic Industries Association. Group that specifies electrical transmission
standards. The EIA and TIA have developed numerous well-known communications 
standards, including EIA/TIA-232 and EIA/TIA-449. 

File Transfer Protocol—See FTP.

filter—Generally, a process or device that screens network traffic for

Flash memory—Nonvolatile storage that can be electrically erased and reprogrammed
so that software images can be stored, booted, and rewritten as necessary. Flash memory
was developed by Intel and is licensed to other semiconductor companies.

flash update—Routing update sent asynchronously in response to a change in the network
topology. Compare with routing update.

flat addressing—Scheme of addressing that does not use a logical hierarchy to determine 
location. 

flow—Stream of data traveling between two endpoints across a network (for example,
from one LAN station to another). Multiple flows can be transmitted on a single circuit.

flow control—Technique for ensuring that a transmitting entity does not overwhelm a
receiving entity with data. When the buffers on the receiving device are full, a message 
is sent to the sending device to suspend the transmission until the data in the buffers has 
been processed. In IBM networks, this technique is called pacing. 

forwarding—Process of sending a frame toward its ultimate destination by way of an
internetworking device. 

fragment—Piece of a larger packet that has been broken down to smaller units. In
Ethernet networks, also sometimes referred to as a frame less than the legal limit of 64
bytes.


fragmentation—Process of breaking a packet into smaller units when transmitting over
a network medium that cannot support the original size of the packet. 

frame—Logical grouping of information sent as a data link layer unit over a transmission
medium. Often refers to the header and trailer, used for synchronization and error
control, that surround the user data contained in the unit. The terms cell, datagram,
message, packet, and segment are also used to describe logical information groupings 
at various layers of the OSI reference model and in various technology circles. 

frame forwarding—Mechanism by which frame-based traffic, such as HDLC and
SDLC, traverses an ATM network. 

Frame Relay—Industry-standard, switched data link layer protocol that handles multiple
virtual circuits using a form of HDLC encapsulation between connected devices.
Frame Relay is more efficient than X.25, the protocol for which it is generally considered
a replacement. See also X.25.

FTP—File Transfer Protocol. Application protocol, part of the TCP/IP protocol stack, 
used for transferring files between network nodes. FTP is defined in RFC 959. 


full duplex—Capability for simultaneous data transmission between a sending station
and a receiving station. Compare with half duplex and simplex. 

full mesh—Term describing a network in which devices are organized in a mesh topology,
with each network node having either a physical circuit or a virtual circuit connecting
it to every other network node. A full mesh provides a great deal of redundancy, but
because it can be prohibitively expensive to implement, it is usually reserved for network
backbones. See also mesh and partial mesh.



G 

gateway—In the IP community, an older term referring to a routing device. Today, the 
term router is used to describe nodes that perform this function, and gateway refers to 
a special-purpose device that performs an application layer conversion of information 
from one protocol stack to another. Compare with router. 

Gb—gigabit. Approximately 1,000,000,000 bits. 

Get Nearest Server—See GNS.

gigabit—Abbreviated Gb.

GNS—Get Nearest Server. Request packet sent by a client on an IPX network to locate 
the nearest active server of a particular type. An IPX network client issues a GNS 
request to solicit either a direct response from a connected server or a response from a 
router that tells it where on the internetwork the service can be located. GNS is part of 
the IPX SAP. See also IPX and SAP (Service Advertisement Protocol). 


H 

half duplex—Capability for data transmission in only one direction at a time between 
a sending station and a receiving station. Compare with full duplex and simplex. 

handshake—Sequence of messages exchanged between two or more network devices to 
ensure transmission synchronization before sending user data. 

hardware address—See MAC address. 

H channel—high-speed channel. Full-duplex ISDN primary rate channel operating at 
384 Kbps. Compare with B channel, D channel, and E channel. 

HDLC—High-Level Data Link Control. Bit-oriented synchronous data link layer protocol
developed by ISO. HDLC specifies a data encapsulation method on synchronous
serial links using frame characters and checksums. 

header—Control information placed before data when encapsulating that data for network
transmission. Compare with trailer.

hello packet—Multicast packet that is used by routers using certain routing protocols
for neighbor discovery and recovery. Hello packets also indicate that a client is still 
operating and network-ready. 

holddown—State into which a route is placed so that routers will neither advertise the 
route nor accept advertisements about the route for a specific length of time (the holddown
period). Holddown is used to flush bad information about a route from all routers
in the network. A route is typically placed in holddown when a link in that route
fails. 

hop—Passage of a data packet from one network node, typically a router, to another.
See also hop count.

hop count—Routing metric used to measure the distance between a source and a destination.
RIP uses hop count as its sole metric. See also hop and RIP.

host—Computer system on a network. Similar to node, except that host usually implies 
a computer system, whereas node generally applies to any networked system, including 
access servers and routers. See also node. 

host address—See host number. 

host number—Part of an IP address that designates which node on the subnetwork is 
being addressed. Also called a host address. 

HTML—Hypertext Markup Language. Simple hypertext document formatting language
that uses tags to indicate how a given part of a document should be interpreted
by a viewing application, such as a Web browser.

HTTP—Hypertext Transfer Protocol. The protocol used by Web browsers and Web
servers to transfer files, such as text and graphics files.

hub—1. Generally, a term used to describe a device that serves as the center of a star- 
topology network and connects end stations. Operates at Layer 1 of the OSI model. 
2. In Ethernet and IEEE 802.3, an Ethernet multiport repeater, sometimes called a 
concentrator. 

hybrid network—Internetwork made up of more than one type of network technology, 
including LANs and WANs. 

Hypertext Transfer Protocol—See HTTP. 

insured rate—The long-term data throughput, in bits or cells per second, that an ATM
network commits to support under normal network conditions. The insured rate is 100 
percent allocated; the entire amount is deducted from the total trunk bandwidth along 
the path of the circuit. Compare with excess rate and maximum rate. 

Integrated Services Digital Network—See ISDN. 

interface—1. Connection between two systems or devices. 2. In routing terminology, a
network connection on the router. 3. In telephony, a shared boundary defined by common
physical interconnection characteristics, signal characteristics, and meanings of
interchanged signals. 4. Boundary between adjacent layers of the OSI model. 

Internet—Largest global internetwork, connecting tens of thousands of networks
worldwide and having a "culture" that focuses on research and standardization based
on real-life use. Many leading-edge network technologies come from the Internet community.
The Internet evolved in part from ARPANET. At one time called the DARPA
Internet, not to be confused with the general term internet.

Internet protocol—Any protocol that is part of the TCP/IP protocol stack. See IP. See
also TCP/IP.

internetwork—Collection of networks interconnected by routers and other devices that
functions (generally) as a single network.

internetworking—General term used to refer to the industry devoted to connecting networks
together. The term can refer to products, procedures, and technologies.

Internetwork Packet Exchange—See IPX.

InterNIC—Organization that serves the Internet community by supplying user assistance,
documentation, training, registration service for Internet domain names, network
addresses, and other services. Formerly called NIC.

interoperability—Capability of computing equipment manufactured by different vendors
to communicate with one another successfully over a network.

IP—Internet Protocol. Network layer protocol in the TCP/IP stack offering a connectionless
internetwork service. IP provides features for addressing, type-of-service specification,
fragmentation and reassembly, and security. Defined in RFC 791. IPv4
(Internet Protocol version 4) is a connectionless, best-effort packet switching protocol.
See also IPv6.

Kb—kilobit. Approximately 1,000 bits.

kBps—kilobytes per second.

kbps—kilobits per second.

kilobit—Abbreviated Kb.

kilobits per second—Abbreviated kbps. 

kilobyte—Abbreviated KB. 

kilobytes per second—Abbreviated kBps. 

L 

LAN—local-area network. High-speed, low-error data network covering a relatively 
small geographic area (up to a few thousand meters). LANs connect workstations, 
peripherals, terminals, and other devices in a single building or other geographically 
limited area. LAN standards specify cabling and signaling at the physical and data link 
layers of the OSI model. Ethernet, FDDI, and Token Ring are widely used LAN technologies.
Compare with MAN and WAN.

LAPB—Link Access Procedure Balanced. Data link layer protocol in the X.25 protocol 
stack. LAPB is a bit-oriented protocol derived from HDLC. See also HDLC and X.25. 

LAPD—Link Access Procedure on the D channel. ISDN data link layer protocol for the 
D channel. LAPD was derived from the LAPB protocol and is designed primarily to satisfy
the signaling requirements of ISDN basic access. Defined by ITU-T Recommendations
Q.920 and Q.921.

LAT—local-area transport. A network virtual terminal protocol developed by Digital 
Equipment Corporation. 

leased line—Transmission line reserved by a communications carrier for the private use 
of a customer. A leased line is a type of dedicated line. 

link—Network communications channel consisting of a circuit or transmission path 
and all related equipment between a sender and a receiver. Most often used to refer to 
a WAN connection. Sometimes referred to as a line or a transmission link. 

Link Access Procedure Balanced—See LAPB. 

Link Access Procedure on the D channel—See LAPD. 

link layer—See data link layer. 

link-layer address—See MAC address. 

MAC address learning—Service that characterizes a learning switch in which the source
MAC address of each received packet is stored so that future packets destined for that 
address can be forwarded only to the switch interface on which that address is located. 
Packets destined for unrecognized broadcast or multicast addresses are forwarded out 
every switch interface except the originating one. This scheme helps minimize traffic on 
the attached LANs. MAC address learning is defined in the IEEE 802.1 standard. 

MAC-layer address—See MAC address. 

MAN—metropolitan-area network. Network that spans a metropolitan area. Generally,
a MAN spans a larger geographic area than a LAN, but a smaller geographic area
than a WAN. Compare with LAN and WAN. 

Management Information Base—See MIB. 

mask—See address mask and subnet mask. 

MAU—media attachment unit. Device used in Ethernet and IEEE 802.3 networks that 
provides the interface between the AUI port of a station and the common medium of 
the Ethernet. The MAU, which can be built into a station or can be a separate device, 
performs physical layer functions including the conversion of digital data from the 
Ethernet interface, collision detection, and injection of bits onto the network. Sometimes
referred to as a media access unit, also abbreviated MAU, or as a transceiver. In
Token Ring, a MAU is known as a multistation access unit and is usually abbreviated 
MSAU to avoid confusion. 

maximum rate—Maximum total data throughput allowed on a given virtual circuit, 
equal to the sum of the insured and uninsured traffic from the traffic source. The uninsured
data might be dropped if the network becomes congested. The maximum rate,
which cannot exceed the media rate, represents the highest data throughput the virtual 
circuit will ever deliver, measured in bits or cells per second. Compare with excess rate 
and insured rate. 

MB—megabyte. Approximately 1,000,000 bytes. 

Mb—megabit. Approximately 1,000,000 bits. 

MBS—maximum burst size. In an ATM signaling message, burst tolerance is conveyed 
through the MBS, which is coded as a number of cells. The burst tolerance together with 
the SCR and the GCRA determine the MBS that can be transmitted at the peak rate and 
still be in conformance with the GCRA. 

Mbps—megabits per second. 

Media Access Control—See MAC. 

media access unit—See MAU. 

multiplexing—Scheme that allows multiple logical signals to be transmitted simultaneously 
across a single physical channel. Compare with demultiplexing. 

multistation access unit—See MSAU. 

multivendor network—Network using equipment from more than one vendor. Multivendor 
networks pose many more compatibility problems than single-vendor networks. 
Compare with single-vendor network. 

N 

NAK—negative acknowledgment. Response sent from a receiving device to a sending 
device indicating that the information received contained errors. Compare to 
acknowledgment. 

name resolution—Generally, the process of associating a name with a network address. 

name server—Server connected to a network that resolves network names into network 
addresses. 

NAT—Network Address Translation. Mechanism for reducing the need for globally 
unique IP addresses. NAT allows an organization with addresses that are not globally 
unique to connect to the Internet by translating those addresses into globally routable 
address space. Also known as Network Address Translator. 

NAUN—nearest active upstream neighbor. In Token Ring or IEEE 802.5 networks, the 
closest upstream network device from any given device that is still active. 

NBP—Name Binding Protocol. AppleTalk transport-level protocol that translates a 
character string name into the DDP address of the corresponding socket client. NBP 
enables AppleTalk protocols to understand user-defined zones and device names by providing 
and maintaining translation tables that map names to their corresponding socket 
addresses. 

neighboring routers—In OSPF, two routers that have interfaces to a common network. 
On multiaccess networks, neighbors are dynamically discovered by the OSPF Hello 
protocol. 

NetBEUI—NetBIOS Extended User Interface. Enhanced version of the NetBIOS protocol 
used by network operating systems such as LAN Manager, LAN Server, Windows 
for Workgroups, and Windows NT. NetBEUI formalizes the transport frame and adds 
additional functions. NetBEUI implements the OSI LLC2 protocol. 

NetBIOS—Network Basic Input/Output System. API used by applications on an IBM 
LAN to request services from lower-level network processes. These services might 
include session establishment and termination, and information transfer. 

NetWare—Popular distributed NOS developed by Novell. Provides transparent remote 
file access and numerous other distributed network services. 

NetWare Link Services Protocol—See NLSP. 

NetWare Loadable Module—See NLM. 

network—Collection of computers, printers, routers, switches, and other devices that 
are able to communicate with each other over some transmission medium. 

network address—Network layer address referring to a logical, rather than a physical, 
network device. Also called a protocol address. Compare with MAC address. 

Network Address Translation—See NAT. 

network administrator—Person responsible for the operation, maintenance, and management 
of a network. 

network analyzer—Hardware or software device offering various network troubleshooting 
features, including protocol-specific packet decodes, specific preprogrammed 
troubleshooting tests, packet filtering, and packet transmission. 

Network Basic Input/Output System—See NetBIOS. 

network byte order—Internet-standard ordering of the bytes corresponding to numeric 
values. 

network interface—Boundary between a carrier network and a privately owned 
installation. 

network interface card—See NIC. 

network layer—Layer 3 of the OSI reference model. This layer provides connectivity 
and path selection between two end systems. The network layer is the layer at which 
routing occurs. Corresponds roughly with the path control layer of the SNA model. See 
also application layer, data link layer, physical layer, presentation layer, session layer, 
and transport layer. 

network management—Generic term used to describe systems or actions that help 
maintain, characterize, or troubleshoot a network. 

network number—Part of an IP address that specifies the network to which the host 
belongs. 

NFS—Network File System. As commonly used, a distributed file system protocol suite 
developed by Sun Microsystems that allows remote file access across a network. In actuality, 
NFS is simply one protocol in the suite. NFS protocols include NFS, RPC, XDR, 
and others. These protocols are part of a larger architecture that Sun refers to as ONC. 

NIC—1. network interface card. Board that provides network communication capabilities 
to and from a computer system. Also called an adapter. 2. Network Information Center. 
Organization whose functions have been assumed by the InterNIC. See InterNIC. 

NLM—NetWare Loadable Module. Individual program that can be loaded into memory 
and function as part of the NetWare NOS. 

NLSP—NetWare Link Services Protocol. Link-state routing protocol based on IS-IS. 

node—1. Endpoint of a network connection or a junction common to two or more lines 
in a network. Nodes can be processors, controllers, or workstations. Nodes, which vary 
in routing and other functional capabilities, can be interconnected by links, and serve as 
control points in the network. Node is sometimes used generically to refer to any entity 
that can access a network and is frequently used interchangeably with device. 2. In 
SNA, the basic component of a network and the point at which one or more functional 
units connect channels or data circuits. 

nonextended network—AppleTalk Phase 2 network that supports addressing of up to 
253 nodes and only 1 zone. 

nonseed router—In AppleTalk, a router that must first obtain, and then verify, its configuration 
with a seed router before it can begin operation. See also seed router. 

non-stub area—Resource-intensive OSPF area that carries a default route, static routes, 
intra-area routes, interarea routes, and external routes. Non-stub areas are the only 
OSPF areas that can have virtual links configured across them, and are the only areas 
that can contain an ASBR. Compare with stub area. 

NOS—network operating system. Generic term used to refer to what are really distributed 
file systems. Examples of NOSs include LAN Manager, NetWare, NFS, VINES, 
and Windows NT. 

Novell IPX—See IPX. 

NTP—Network Time Protocol. Protocol built on top of TCP that ensures accurate 
time-keeping with reference to radio and atomic clocks located on the Internet. 
This protocol is capable of synchronizing distributed clocks within milliseconds over 
long time periods. 

NVRAM—nonvolatile RAM. RAM that retains its contents when a unit is powered off. 


octet—8 bits. In networking, the term octet is often used (rather than byte) because 
some machine architectures employ bytes that are not 8 bits long. 

Open Shortest Path First—See OSPF. 

Open System Interconnection—See OSI. 

Open System Interconnection reference model—See OSI reference model. 

packet internet groper—See ping. 

PAP—Password Authentication Protocol. Authentication protocol that allows PPP 
peers to authenticate one another. The remote router attempting to connect to the local 
router is required to send an authentication request. Unlike CHAP, PAP passes the password 
and host name or username in the clear (unencrypted). PAP does not itself prevent 
unauthorized access but merely identifies the remote end. The router or access server 
then determines if that user is allowed access. PAP is supported only on PPP lines. Compare 
with CHAP. 

parallel transmission—Method of data transmission in which the bits of a data character 
are transmitted simultaneously over a number of channels. Compare with serial 
transmission. 

partial mesh—Network in which devices are organized in a mesh topology, with some 
network nodes organized in a full mesh, but with others that are only connected to one 
or two other nodes in the network. A partial mesh does not provide the level of redundancy 
of a full mesh topology but is less expensive to implement. Partial mesh topologies 
are generally used in the peripheral networks that connect to a fully meshed 
backbone. 

Password Authentication Protocol—See PAP. 

path control layer—Layer 3 in the SNA architectural model. This layer performs 
sequencing services related to proper data reassembly. The path control layer is also 
responsible for routing. Corresponds roughly with the network layer of the OSI model. 
See also data flow control layer, data-link control layer, physical control layer, presentation 
services layer, transaction services layer, and transmission control layer. 

payload—Portion of a cell, frame, or packet that contains upper-layer information 
(data). 

peer-to-peer computing—Peer-to-peer computing calls for each network device to run 
both client and server portions of an application. Also describes communication 
between implementations of the same OSI reference model layer in two different network 
devices. Compare with client-server computing. 

permanent virtual circuit—See PVC. 

PHY—1. physical sublayer. One of two sublayers of the FDDI physical layer. 
2. physical layer. In ATM, the physical layer provides for the transmission of cells over 
a physical medium that connects two ATM devices. The PHY is comprised of two sublayers: 
PMD and TC. 

physical address—See MAC address. 

physical control layer—Layer 1 in the SNA architectural model. This layer is responsible 
for the physical specifications for the physical links between end systems. Corresponds 
to the physical layer of the OSI model. See also data flow control layer, data-link 
control layer, path control layer, presentation services layer, transaction services layer, 
and transmission control layer. 

physical layer—Layer 1 of the OSI reference model. The physical layer defines the electrical, 
mechanical, procedural, and functional specifications for activating, maintaining, 
and deactivating the physical link between end systems. Corresponds with the physical 
control layer in the SNA model. See also application layer, data link layer, network 
layer, presentation layer, session layer, and transport layer. 

ping—packet internet groper. ICMP echo message and its reply. Often used in IP networks 
to test the reachability of a network device. 

PLP—packet level protocol. Network layer protocol in the X.25 protocol stack. Sometimes 
called X.25 Level 3 and X.25 Protocol. See also X.25. 

point-to-multipoint connection—One of two fundamental connection types. In ATM, 
a point-to-multipoint connection is a unidirectional connection in which a single source 
end-system (known as a root node) connects to multiple destination end-systems 
(known as leaves). Compare with point-to-point connection. 

point-to-point connection—One of two fundamental connection types. In ATM, a 
point-to-point connection can be a unidirectional or bidirectional connection between 
two ATM end-systems. Compare with point-to-multipoint connection. 

Point-to-Point Protocol—See PPP. 

poison reverse updates—Routing updates that explicitly indicate that a network or subnet 
is unreachable, rather than implying that a network is unreachable by not including 
it in updates. Poison reverse updates are sent to defeat large routing loops. 

port—1. Interface on an internetworking device (such as a router). 2. In IP terminology, 
an upper-layer process that receives information from lower layers. Ports are numbered, 
and many are associated with a specific process. For example, SMTP is associated with 
port 25. A port number of this type is called a well-known address. 3. To rewrite software 
or microcode so that it will run on a different hardware platform or in a different 
software environment than that for which it was originally designed. 

POST—power-on self test. Set of hardware diagnostics that runs on a hardware device 
when that device is powered up. 

PPP—Point-to-Point Protocol. Successor to SLIP that provides router-to-router and 
host-to-network connections over synchronous and asynchronous circuits. Whereas 
SLIP was designed to work with IP, PPP was designed to work with several network 
layer protocols, such as IP, IPX, and ARA. PPP also has built-in security mechanisms, 
such as CHAP and PAP. PPP relies on two protocols: LCP and NCP. 

presentation layer—Layer 6 of the OSI reference model. This layer ensures that information 
sent by the application layer of one system will be readable by the application 
layer of another. The presentation layer is also concerned with the data structures used 
by programs and therefore negotiates data transfer syntax for the application layer. 
Corresponds roughly with the presentation services layer of the SNA model. See also 
application layer, data link layer, network layer, physical layer, session layer, and transport 
layer. 

presentation services layer—Layer 6 of the SNA architectural model. This layer provides 
network resource management, session presentation services, and some application 
management. Corresponds roughly with the presentation layer of the OSI model. 

PRI—Primary Rate Interface. ISDN interface to primary rate access. Primary rate access 
consists of a single 64-Kbps D channel plus 23 (T1) or 30 (E1) B channels for voice or 
data. Compare to BRI. 

priority queuing—Routing feature in which frames in an interface output queue are prioritized 
based on various characteristics such as protocol, packet size, and interface 
type. 

PROM—programmable read-only memory. ROM that can be programmed using special 
equipment. PROMs can be programmed only once. Compare with EPROM. 

protocol—Formal description of a set of rules and conventions that govern how devices 
on a network exchange information. 

protocol address—See network address. 

protocol stack—Set of related communications protocols that operate together and, as 
a group, address communication at some or all of the seven layers of the OSI reference 
model. Not every protocol stack covers each layer of the model, and often a single protocol 
in the stack will address a number of layers at once. TCP/IP is a typical protocol 
stack. 

proxy—Entity that, in the interest of efficiency, essentially stands in for another entity. 

proxy Address Resolution Protocol—See proxy ARP. 

proxy ARP—proxy Address Resolution Protocol. Variation of the ARP protocol in 
which an intermediate device (for example, a router) sends an ARP response on behalf 
of an end node to the requesting host. Proxy ARP can lessen bandwidth use on slow-speed 
WAN links. 

PVC—permanent virtual circuit. Virtual circuit that is permanently established. PVCs 
save bandwidth associated with circuit establishment and tear down in situations where 
certain virtual circuits must exist all the time. In ATM terminology, called a permanent 
virtual connection. Compare with SVC. 

Q 

QoS—quality of service. Measure of performance for a transmission system that reflects 
its transmission quality and service availability. 

queue—1. Generally, an ordered list of elements waiting to be processed. 2. In routing, 
a backlog of packets waiting to be forwarded over a router interface. 

queuing delay—Amount of time that data must wait before it can be transmitted onto 
a statistically multiplexed physical circuit. 

R 

RAM—random-access memory. Volatile memory that can be read and written by a 
microprocessor. 

random-access memory—See RAM. 

RARP—Reverse Address Resolution Protocol. Protocol in the TCP/IP stack that provides 
a method for finding IP addresses based on MAC addresses. Compare with ARP. 

reassembly—The putting back together of an IP datagram at the destination after it has 
been fragmented either at the source or at an intermediate node. 

redirect—Part of the ICMP and ES-IS protocols that allows a router to tell a host that 
using another router would be more effective. 

redundancy—1. In internetworking, the duplication of devices, services, or connections 
so that, in the event of a failure, the redundant devices, services, or connections can perform 
the work of those that failed. 2. In telephony, the portion of the total information 
contained in a message that can be eliminated without loss of essential information or 
meaning. 

Request For Comments—See RFC. 


RFC—Request For Comments. Document series used as the primary means for communicating 
information about the Internet. Some RFCs are designated by the IAB as 
Internet standards. Most RFCs document protocol specifications such as Telnet and 
FTP, but some are humorous or historical. RFCs are available online from numerous 
sources. 

ring—Connection of two or more stations in a logically circular topology. Information 
is passed sequentially between active stations. Token Ring, FDDI, and CDDI are based 
on this topology. 

ring topology—Network topology that consists of a series of repeaters connected to one 
another by unidirectional transmission links to form a single closed loop. Each station 
on the network connects to the network at a repeater. While logically a ring, ring topologies 
are most often organized in a closed-loop star. Compare with bus topology, 
star topology, and tree topology. 

RIP—Routing Information Protocol. IGP supplied with UNIX BSD systems. The most 
common IGP in the Internet. RIP uses hop count as a routing metric. 

RMON—remote monitoring. MIB agent specification described in RFC 1271 that 
defines functions for the remote monitoring of networked devices. The RMON specification 
provides numerous monitoring, problem detection, and reporting capabilities. 

ROM—read-only memory. Nonvolatile memory that can be read, but not written, by 
the microprocessor. 

routed protocol—Protocol that can be routed by a router. A router must be able to 
interpret the logical internetwork as specified by that routed protocol. Examples of 
routed protocols include AppleTalk, DECnet, and IP. 

route map—Method of controlling the redistribution of routes between routing 
domains. 

route summarization—Consolidation of advertised network numbers in OSPF and IS-IS. 
In OSPF, this causes a single summary route to be advertised to other areas by an 
area border router. 

router—Network layer device that uses one or more metrics to determine the optimal 
path along which network traffic should be forwarded. Routers forward packets from 
one network to another based on network layer information contained in routing 
updates. Occasionally called a gateway (although this definition of gateway is becoming 
increasingly outdated). 

routing—Process of finding a path to a destination host. Routing is very complex in 
large networks because of the many potential intermediate destinations a packet might 
traverse before reaching its destination host. 

… a routing algorithm determines that one route is better than another … 
MTU, path cost, and reliability. Sometimes referred to simply as a metric. 

… Table Maintenance Protocol. Apple Computer’s proprietary routing 
… establishes and maintains the routing information that is required to 
… from any source socket to any destination socket in an AppleTalk network. 
… routers dynamically maintain routing tables to reflect changes in 
… derived from RIP. 

S 

SAP—1. service access point. Field defined by the IEEE 802.2 specification that identifies 
the upper layer process and is part of an address specification. Thus, the destination 
plus the DSAP define the recipient of a packet. The same applies to the SSAP. 2. Service 
Advertising Protocol. IPX protocol that provides a means of informing network clients, 
via routers and servers, of available network resources and services. 

SAS—single attachment station. Device attached only to the primary ring of an FDDI 
ring. Also known as a Class B station. Compare with DAS. See also FDDI. 

SDLC—Synchronous Data Link Control. SNA data link layer communications protocol. 
SDLC is a bit-oriented, full-duplex serial protocol that has spawned numerous similar 
protocols, including HDLC and LAPB. 

secondary station—In bit-synchronous data link layer protocols such as HDLC, a station 
that responds to commands from a primary station. Sometimes referred to simply 
as a secondary. 

seed router—Router in an AppleTalk network that has the network number or cable 
range built in to its port descriptor. The seed router defines the network number or cable 
range for other routers in that network segment and responds to configuration queries 
from nonseed routers on its connected AppleTalk network, allowing those routers to 
confirm or modify their configurations accordingly. Each AppleTalk network must have 
at least one seed router. 

segment—1. Section of a network that is bounded by bridges, routers, or switches. 2. In 
a LAN using a bus topology, a segment is a continuous electrical circuit that is often 
connected to other such segments with repeaters. 3. Term used in the TCP specification 
to describe a single transport layer unit of information. The terms datagram, frame, 
message, and packet are also used to describe logical information groupings at various 
layers of the OSI reference model and in various technology circles. 

Sequenced Packet Exchange—See SPX. 

serial transmission—Method of data transmission in which the bits of a data character 
are transmitted sequentially over a single channel. Compare with parallel transmission. 

server—Node or software program that provides services to clients. 

service access point—See SAP. 

Service Advertising Protocol—See SAP. 

session—1. Related set of connection-oriented communications transactions between 
two or more network devices. 2. In SNA, a logical connection enabling two NAUs to 
communicate. 

session layer—Layer 5 of the OSI reference model. This layer establishes, manages, and 
terminates sessions between applications and manages data exchange between presentation 
layer entities. Corresponds to the data flow control layer of the SNA model. 

shortest-path routing—Routing that minimizes distance or path cost through application 
of an algorithm. 

simplex—Capability for transmission in only one direction between a sending station 
and a receiving station. Broadcast television is an example of a simplex technology. 
Compare with full duplex and half duplex. 

single-vendor network—Network using equipment from only one vendor. Single-vendor 
networks rarely suffer compatibility problems. See also multivendor network. 

sliding window flow control—Method of flow control in which a receiver gives transmitter 
permission to transmit data until a window is full. When the window is full, the 
transmitter must stop transmitting until the receiver advertises a larger window. TCP, 
other transport protocols, and several data link layer protocols use this method of flow 
control. 

SLIP—Serial Line Internet Protocol. Standard protocol for point-to-point serial connections 
using a variation of TCP/IP. Predecessor of PPP. 

SMI—Structure of Management Information. Document (RFC 1155) specifying rules 
used to define managed objects in the MIB. 

SNA—Systems Network Architecture. Large, complex, feature-rich network architecture 
developed in the 1970s by IBM. Similar in some respects to the OSI reference 
model, but with a number of differences. SNA is essentially composed of seven layers. 
See data flow control layer, data-link control layer, path control layer, physical control 
layer, presentation services layer, transaction services layer, and transmission control 
layer. 

SNMP—Simple Network Management Protocol. Network management protocol used 
almost exclusively in TCP/IP networks. SNMP provides a means to monitor and control 
network devices, and to manage configurations, statistics collection, performance, and 
security. 

socket—1. Software structure operating as a communications end point within a network 
device (similar to a port). 2. Addressable entity within a node connected to an 
AppleTalk network; sockets are owned by software processes known as socket clients. 
AppleTalk sockets are divided into two groups: SASs, which are reserved for clients 
such as AppleTalk core protocols, and DASs, which are assigned dynamically by DDP 
upon request from clients in the node. An AppleTalk socket is similar in concept to a 
TCP/IP port. 


socket number—8-bit number that identifies a socket. A maximum of 254 different 
socket numbers can be assigned in an AppleTalk node. 

source address—Address of a network device that is sending data. 

spanning tree—Loop-free subset of a Layer 2 (switched) network topology. 

spanning-tree algorithm—Algorithm used by the Spanning-Tree Protocol to create a 
spanning tree. Sometimes abbreviated as STA. 

Spanning-Tree Protocol—Bridge protocol that uses the spanning-tree algorithm, 
enabling a learning switch to dynamically work around loops in a switched network 
topology by creating a spanning tree. Switches exchange BPDU messages with other 
bridges to detect loops, and then remove the loops by shutting down selected switch 

SSAP—source service access point. The SAP of the network node designated in the 
Source field of a packet. Compare to DSAP. See also SAP. 

standard—Set of rules or procedures that are either widely used or officially specified. 

star topology—LAN topology in which end points on a network are connected to a 
common central switch by point-to-point links. A ring topology that is organized as a 
star implements a unidirectional closed-loop star, instead of point-to-point links. Compare 
with bus topology, ring topology, and tree topology. 

static route—Route that is explicitly configured and entered into the routing table, by 
default. Static routes take precedence over routes chosen by dynamic routing protocols. 

stub area—OSPF area that carries a default route, intra-area routes, and interarea 
routes, but does not carry external routes. Virtual links cannot be configured across a 
stub area, and they cannot contain an ASBR. Compare to non-stub area. 

subnet—See subnetwork. 

subnet address—Portion of an IP address that is specified as the subnetwork by the subnet 
mask. 

subnet mask—32-bit address mask used in IP to indicate the bits of an IP address that 
are being used for the subnet address. Sometimes referred to simply as mask. 

subnetwork—1. In IP networks, a network sharing a particular subnet address. Subnetworks 
are networks arbitrarily segmented by a network administrator in order to provide 
a multilevel, hierarchical routing structure while shielding the subnetwork from the 
addressing complexity of attached networks. Sometimes called a subnet. 2. In OSI networks, 
works, a collection of ESs and ISs under the control of a single administrative domain 
and using a single network access protocol. 

SVC—switched virtual circuit. Virtual circuit that is dynamically established on 
demand and is torn down when transmission is complete. SVCs are used in situations 
where data transmission is sporadic. Called a switched virtual connection in ATM terminology. 
Compare with PVC. 

synchronous transmission—Term describing digital signals that are transmitted with 
precise clocking. Such signals have the same frequency, with individual characters 
encapsulated in control bits (called start bits and stop bits) that designate the beginning 
and end of each character. Compare with asynchronous transmission. 

T 

T1—Digital WAN carrier facility. T1 transmits DS-1-formatted data at 1.544 Mbps 
through the telephone-switching network, using AMI or B8ZS coding. Compare with 
E1. 

T3—Digital WAN carrier facility. T3 transmits DS-3-formatted data at 44.736 Mbps 
through the telephone switching network. Compare with E3. 

TACACS—Terminal Access Controller Access Control System. Authentication protocol, 
developed by the DDN community, that provides remote access authentication and 
related services, such as event logging. User passwords are administered in a central 
database rather than in individual routers, providing an easily scalable network security 
solution. 

TCP—Transmission Control Protocol. Connection-oriented transport layer protocol 
that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol 
stack. 

TCP/IP—Transmission Control Protocol/Internet Protocol. Common name for the 
suite of protocols developed by the U.S. DoD in the 1970s to support the construction 
of worldwide internetworks. TCP and IP are the two best-known protocols in the suite. 

Telnet—Standard terminal emulation protocol in the TCP/IP protocol stack. Telnet is 
used for remote terminal connection, enabling users to log in to remote systems and use 
resources as if they were connected to a local system. Telnet is defined in RFC 854. 

throughput—Rate of information arriving at, and possibly passing through, a particular 
point in a network system. 

timeout—Event that occurs when one network device expects to hear from another network 
device within a specified period of time but does not. The resulting timeout usually 
results in a retransmission of information or the dissolving of the session between 
the two devices. 

Time To Live—See TTL. 

token—Frame that contains control information. Possession of the token allows a network 
device to transmit data onto the network. 

token bus—LAN architecture using token passing access over a bus topology. This LAN 
architecture is the basis for the IEEE 802.4 LAN specification. 

token passing—Access method by which network devices access the physical medium 
in an orderly fashion based on possession of a small frame called a token. Contrast with 
circuit switching and contention. 

Token Ring—Token-passing LAN developed and supported by IBM. Token Ring runs 
at 4 or 16 Mbps over a ring topology. Similar to IEEE 802.5. 

TokenTalk—Apple Computer’s data-link product that allows an AppleTalk network to 
be connected by Token Ring cables. 

topology—Physical arrangement of network nodes and media within an enterprise networking 
structure. 

traceroute—Program available on many systems that traces the path a packet takes to 
a destination. It is mostly used to debug routing problems between hosts. There is also 
a traceroute protocol defined in RFC 1393. 

traffic management—Techniques for avoiding congestion and shaping and policing traffic. 
Allows links to operate at high levels of utilization by scaling back lower-priority, 
delay-tolerant traffic at the edge of the network when congestion begins to occur. 

trailer—Control information appended to data when encapsulating the data for network 
transmission. Compare with header. 

transaction services layer—Layer 7 in the SNA architectural model. Represents user 
application functions, such as spreadsheets, word-processing, or electronic mail, by 
which users interact with the network. Corresponds roughly with the application layer 
of the OSI reference model. See also data flow control layer, data-link control layer, path 
control layer, physical control layer, presentation services layer, and transmission control 
layer. 

transmission control layer—Layer 4 in the SNA architectural model. This layer is 
responsible for establishing, maintaining, and terminating SNA sessions, sequencing 
data messages and controlling session level flow. Corresponds to the transport layer of 
the OSI model. See also data flow control layer, data-link control layer, path control 
layer, physical control layer, presentation services layer, and transaction services layer. 

Transmission Control Protocol—See TCP. 

transport layer—Layer 4 of the OSI reference model. This layer is responsible for 
reliable network communication between end nodes. The transport layer provides 
mechanisms for the establishment, maintenance, and termination of virtual circuits, transport 
fault detection and recovery, and information flow control. Corresponds to the 
transmission control layer of the SNA model. See also application layer, data link layer, 
network layer, physical layer, presentation layer, and session layer. 

trap—Message sent by an SNMP agent to an NMS, console, or terminal to indicate the 
occurrence of a significant event, such as a specifically defined condition or a threshold 
that was reached. 

tree topology—LAN topology similar to a bus topology, except that tree networks can 
contain branches with multiple nodes. Transmissions from a station propagate the 
length of the medium and are received by all other stations. Compare with bus 
topology, ring topology, and star topology. 

TTL—Time To Live. Field in an IP header that indicates how long a packet is 
considered valid. 

tunneling—Architecture that is designed to provide the services necessary to implement 
any standard point-to-point encapsulation scheme. 

U 

UDP—User Datagram Protocol. Connectionless transport layer protocol in the TCP/IP 
protocol stack. UDP is a simple protocol that exchanges datagrams without 
acknowledgments or guaranteed delivery, requiring that error processing and retransmission be 
handled by other protocols. UDP is defined in RFC 768. 

unicast—Message sent to a single network destination. Compare with broadcast and 
multicast. 

unicast address—Address specifying a single network device. Compare with broadcast 
address and multicast address. 

URL—universal resource locator. Standardized addressing scheme for accessing 
hypertext documents and other services using a browser. 

V 

VINES—Virtual Integrated Network Service. NOS developed and marketed by Banyan 
Systems. 

virtual circuit—Logical circuit created to ensure reliable communication between two 
network devices. A virtual circuit is defined by a VPI/VCI pair and can be either 
permanent (PVC) or switched (SVC). Virtual circuits are used in Frame Relay and X.25. In 
ATM, a virtual circuit is called a virtual channel. Sometimes abbreviated VC. 

W 

WAN—wide-area network. Data communications network that serves users across a 
broad geographic area and often uses transmission devices provided by common 
carriers. Frame Relay, SMDS, and X.25 are examples of WANs. Compare with LAN and 
MAN. 

watchdog packet—Used to ensure that a client is still connected to a NetWare server. If 
the server has not received a packet from a client for a certain period of time, it sends 
that client a series of watchdog packets. If the station fails to respond to a predefined 
number of watchdog packets, the server concludes that the station is no longer 
connected and clears the connection for that station. 

watchdog spoofing—Subset of spoofing that refers specifically to a router acting 
especially for a NetWare client by sending watchdog packets to a NetWare server to keep 
the session between client and server active. Useful when the client and server are 
separated by a DDR WAN link. 

watchdog timer—1. Hardware or software mechanism that is used to trigger an event 
or an escape from a process unless the timer is periodically reset. 2. In NetWare, a timer 
that indicates the maximum period of time that a server will wait for a client to respond 
to a watchdog packet. If the timer expires, the server sends another watchdog packet 
(up to a set maximum). 


X 

X.25—ITU-T standard that defines how connections between DTE and DCE are 
maintained for remote terminal access and computer communications in PDNs. X.25 
specifies LAPB, a data link layer protocol, and PLP, a network layer protocol. Frame Relay 
has to some degree superseded X.25. 

Z 

ZIP—Zone Information Protocol. AppleTalk session layer protocol that maps network 
numbers to zone names. ZIP is used by NBP to determine which networks contain 
nodes that belong to a zone. 

zone—In AppleTalk, a logical group of network devices. 

zone multicast address—Data-link-dependent multicast address at which a node 
receives the NBP broadcasts directed to its zone. 


Index 

Symbols 

! (exclamation points), 153, 163 
> (angle brackets), 117 
? (question marks), 117 
10Base2 (thin Ethernet) wiring, 47 
10Base5 (thick Ethernet) wiring, 47 
10BaseT wiring, 47, 49 
100BaseFX wiring, 47 
100BaseFX-A wiring (LAN 
Ethernet), 53 
100BaseT4 wiring, 47 
100BaseT4-A wiring (LAN 
Ethernet), 53 
100BaseTX wiring, 48 
100BaseTX-A wiring (LAN 
Ethernet), 54 

100-Mbps connections (LAN 
Ethernet), 53-54 
100VG-AnyLAN wiring, 48, 54 
802.3z (Gigabit Ethernet) 
standard, 55 

1000BaseX (Gigabit Ethernet), 55 


A 

A class IP addresses, 76, 209-211 
first octet rule, 211-212 
subnet masks, 213 


AARP (AppleTalk Address 
Resolution Protocol), 294 
abbreviations (wildcard masks) 
any, 322 
host, 323 

access (remote routing), 116 
access control field (Token Ring), 
59 

access lists, 311-313 

AppleTalk, 318, 346-351 
showing information, 353 
verifying, 353 
ZIP (Zone Information 

Protocol) replies, 347, 
352 

Banyan VINES, 318, 446-447 
configuration commands, 317 
DECnet (Digital Equipment 
Corporation), 318, 
438-440 

deny statements, 315-317 
extended, 313-314 
identifying, 317-318 
IPX (Internetwork Packet 
Exchange), 334-337 
bandwidth, 337 
extended, 336, 340-341 
SAP, 336-337, 341-346 
showing information, 346 
standard, 336, 338-340 
verifying, 346 


permit statements, 315-317 
processes, 314-315 
standard, 313 
TCP/IP, 318-320 
extended, 327-331 
named, 331-332 
placement of, 333 
showing information, 

333-334 

standard, 324-326 
verifying, 333-334 
wildcard masks, 320-323 
access-group command, 317, 324, 
328 

access-list 800 command, 339-340 
access-list 1000 deny command, 
344 

access-list 1000 permit -1 
command, 345 
access-list command, 317, 
324-325 

access-list within cable range 
command, 350 
access-list-number parameter 
access-group command, 324 
access-list command, 324, 328 

acknowledgments 

TCP (Transmission Control 
Protocol), 195-197 
transport layer (OSI model), 
35-36 
Acknowledgment Number field, 
192 

active monitor (Token Ring), 60 
address parameter (x.25 map 
command), 387 
addresses 

AppleTalk, 77, 291-296 
Banyan VINES, 443 
IP (Internet Protocol), 207 
access lists, 319 
broadcasts, 221-222 
classes, 209-211 
configuration commands, 
223-224 

configuration verification, 
226-227 

DNS name services, 224-225 
dotted-decimal notation, 208 
first octet rule, 211-212 
hosts, 212-213, 224-226 
octets, 208 
size, 208 

subnet masks, 213-221 
subnets, 214-215 
versions, 209 
without subnets, 213-214 
IPX (Internetwork Packet 
Exchange), 77, 267-268 
LANs (local-area networks), 51 
local encapsulation, 20 
MAC (media access control), 
43-46 

ARP (Address Resolution 
Protocol), 203 
Token Ring, 57 
network encapsulation, 20 
network layer (OSI model), 
74-78 

RARP (Reverse Address 

Resolution Protocol), 203, 
601 

X.25, 77, 380-381, 387 
administrative distances, 235-236 
ADSP (AppleTalk Data Stream 
Protocol), 290 

advertisements (SAP), see SAP 
advertisements 
algorithms 

Bellman-Ford, see distance 
vector routing 

link-state, see link-state routing 


angle brackets (>), 117 
ANSI (American National 
Standards Institute), 41 
FDDI (Fiber Distributed Data 
Interface), 61-62 
dual ring, 63-64 
interfaces, 63 
physical layer, 62-63 
Frame Relay, 399 
any (wildcard mask abbreviation), 
322 

Apple manufacturer identification 
(vendor code), 44 
AppleTalk, 289-291 
access lists, 318, 346-351 
showing information, 353 
verifying, 353 
ZIP (Zone Information 
Protocol) replies, 347, 
352 

addresses, 77, 291-294 
Chooser, 296 
configuring, 298-301 
discovery, 302-304 
extended networks, 292 
Frame Relay configuration, 
467-468 

nodes 
IDs, 294 
zones, 295-296 

nonextended networks, 291-292 
RTMP (Routing Table 

Maintenance Protocol), 291 
services, 296-297 
showing information, 304-305 
troubleshooting, 306-307 
zones, 295-296, 348 
appletalk access-group command, 
351, 601 

AppleTalk Address Resolution 
Protocol (AARP), 294 
appletalk cable-range command, 
299-301, 467-468 
AppleTalk Data Stream Protocol 
(ADSP), 290 

appletalk discovery command, 302 
appletalk protocol command, 299 
appletalk routing command, 
299-300 


AppleTalk Session Protocol (ASP), 
29 

AppleTalk Transaction Protocol 
(ATP), 290 

appletalk zip-reply-filter command, 
352 

appletalk zone command, 300 
appletalk zone eng command, 
467-468 

appletalk zone engineering 
command, 301 
appletalk zone headquarters 
command, 301 

appletalk zones command, 299 
application layer (OSI model), 15, 
25-27, 189-190 
ARP (Address Resolution 
Protocol), 203 

Inverse ARP (Frame Relay), 407 
MAC (media access control) 
addresses, 44 
RARP (Reverse Address 

Resolution Protocol), 203 
ASP (AppleTalk Session Protocol), 
29 

ATM (Asynchronous Transfer 
Mode) 

LANs (local-area networks), 10 
WANs (wide-area networks), 12 
ATP (AppleTalk Transaction 
Protocol), 290 

audio, formatting (OSI model 
presentation layer), 27 
aurp command, 299 
authentication (PPP), 368-373 
AutoInstall, 449-452 
autonomous systems, 239-240 
auxiliary ports, configuring 
routers, 112-114 


B 

B class IP addresses, 76, 209-211 
first octet rule, 211-212 
subnet masks, 213, 220 
backing up software images, 
158-161 
backoff time, 53 



Backward Explicit Congestion 
Notification (BECN), 403 
balanced hybrid routing, 104 
balancing loads (RIP), 244 
bandwidth, 86 
Frame Relay, 406 
global internetworks, 7-8 
IGRP (Internet Gateway Routing 
Protocol), 252 
IPX (Internetwork Packet 

Exchange) access lists, 337 
LAN Ethernet, 53-55 
link-state routing requirements, 
101 

bandwidth command, 146, 408 
banner motd command, 139 
banners, configuring routers, 
139-140 

Banyan VINES, 441-442 
access lists, 318, 446-447 
address assignment, 443 
configuring, 444-446 
hello messages, 443 
metrics, 442 

network numbers, 442-443 
sequence numbers, 442 
showing information, 447 
VIP (Internet Protocol), 442 
BECN (Backward Explicit 

Congestion Notification), 403 
Bellman-Ford algorithms, see 
distance vector routing 
BGP (Border Gateway Protocol), 
240 

BIA (burned-in addresses), 42 
binary numeration 

decimal conversions, 453-459 
hexadecimal conversions, 
453-459 
bits 

converting frames into, 20 
subnet masks, 216-221 
Token Ring error detection, 
60-61 

wildcard masks, 321-322 
boot field (Configuration Register), 
156-157 

boot system commands, 157-158 


Border Gateway Protocol (BGP), 
240 

Break key, 118 

broadcast parameter (frame-relay 
map command), 407 
broadcasts (IP addresses), 221 
directed, 221-222 
flooded, 221-222 
IP addresses, 221 
LAN Ethernet, 50 
building data (encapsulation), 19 
bulletin boards (OSI model 
application layer), 26 
burned-in addresses (BIA), 42 
bytes (IP addresses), 211 


C 

C class IP addresses, 76, 209-211 
first octet rule, 211-212 
subnet masks, 213, 220 
cable group (AppleTalk), 292 
cable range (AppleTalk), 292 
cabling LANs, 47-48 
call clear (virtual circuits), 383 
call setup process 

VCs (virtual circuits), 383 
WANs (wide-area networks), 
359-360 

Carrier Sense Multiple Access with 
Collision Detection, see 
CSMA/CD 
CCITT standards 
Frame Relay, 399 
WANs (wide-area networks), 65 
CCO (Cisco Connection Online), 
160 

CDP (Cisco Discovery Protocol), 
175-176 
disabling, 177 
local routers, 177-178 
neighbors, 179-181 
parameters, 178-179 
showing information, 177-178 
cdp holdtime command, 179 
Central Office (CO) switch, 362 
centralized processing, 3-4 


Challenge Handshake 

Authentication Protocol 
(CHAP), 368, 371-372 
channel service unit/data service 
unit, see CSU/DSU 
CHAP (Challenge Handshake 
Authentication Protocol), 
368, 371-372 
Checksum field (TCP), 192 
Chooser (AppleTalk), 296 
CIDR (classless interdomain 
routing), 210 

CIR (Committed Information 
Rate), 402 
Cisco 

Cisco 7000 interfaces, 142-143 
Cisco 7200 interfaces, 142-143 
Cisco 7500 interfaces, 143 
manufacturer identification 
(vendor code), 44 
Cisco Connection Online (CCO) 
Web site, 119, 160 
Cisco Discovery Protocol, see CDP 
Cisco IOS software images, 
114-115 

classes (IP addresses), 209-211 
classless interdomain routing 
(CIDR), 210 
clients, 291 

CLIs (command-line interfaces), 
117-118 

clock speeds (Frame Relay), 400 
clouds 

Frame Relay, 399, 404 
WANs (wide-area networks), 
359 

CO (Central Office) switch, 362 
Code Bits field (TCP), 192 
coding presentation layer (OSI 
model), 27 

collisions (LAN Ethernet), 52-53 
command modes, 116 
commands 

access-group, 317, 324, 328 
access-list, 317, 324-325 
access-list 1000 deny, 344 
access-list 1000 permit -1, 345 
access-list within cable range, 
350 

access-lists 800, 339-340 
appletalk access-group, 351, 601 
appletalk cable-range, 299-301, 
467-468 

appletalk discovery, 302 
appletalk protocol, 299 
appletalk routing, 299-300 
appletalk zip-reply-filter, 352 
appletalk zone, 300 
appletalk zone eng, 467-468 
appletalk zone engineering, 301 
appletalk zone headquarters 
301 

appletalk zones, 299 
aurp, 299 

bandwidth, 146, 408 
banner motd, 139 
boot system, 158 
cdp holdtime, 179 
config-register, 156 
configure, 134 
configure memory, 135 
configure network, 135 
configure overwrite, 135 
configure terminal, 134-135, 
156 

context-sensitive help, 123 
copy flash, 161 
copy running-config 
startup-config, 128, 152, 
154, 158 

copy running-config tftp, 152 
copy startup-config 
running-config, 135 
copy tftp running-config 
134-135 

copy tftp startup-config, 135 
dce-terminal-timing enable, 146 
debug apple errors, 306 
debug apple events, 305 
debug apple routing, 306-307 
debug decnet routing, 440 
debug ip igrp events, 258 
debug ip igrp transaction, 257 
debug ip rip, 248 
debug ipx routing activity, 283 
debug ipx sap, 284-285 
decnet access-group, 439 
decnet cost, 438 
decnet node-type, 437 
decnet routing, 437 


default-metric, 254 
eigrp, 299 

enable password, 140 
enable secret, 141 
encapsulation frame-relay, 406, 
467-469 

encapsulation novell-ether, 278 
encapsulation sap, 278 
encapsulation x25, 386 
erase, 150 

erase startup-config, 150 
exit, 138 

extended ping, 228 
frame-relay interface-dlci, 
469-470 

frame-relay intf-type dce, 472 
frame-relay inverse-arp, 407 
frame-relay lmi-type, 406 
frame-relay map, 407 
frame-relay map appletalk, 
467-468 

Global Configuration mode, 118 
history of used, 124-125 
interface, 142, 276 
interface ethernet, 278, 300-301 
interface serial, 278 
Ip, 223 

ip access-group, 324-325, 328 
ip address, 223 
ip default-network 

network-number, 239 
ip domain-lookup, 225 
ip host, 224 
ip name-server, 224 
ip netmask-format, 223-224 
ip route, 237 
ip unnumbered, 417 
ipx access-group 800 out, 340 
ipx delay, 279 

ipx input-sap-filter, 279, 344, 
346 

ipx maximum-paths, 278 
ipx network, 276-279, 469 
ipx network 4a encapsulation 
sap, 278 

ipx output-sap-filter, 279, 344, 
345 

ipx route-cache, 280 
ipx router-sap-filter, 280 


ipx routing, 278 
line console 0, 140 
line vty 0 4, 140 
network, 244-246 
no access-group, 325 
no access-list, 325 
no cdp enable, 177 
no cdp run, 177 
no clock rate, 146 
no debug ip igrp transaction, 
258 

no debug ip rip, 248 
no ip domain-lookup, 225 
no shutdown, 148 
ping, 202, 226-227 
ping IPX, 264 
privileged EXEC, 117 
disable, 119 
exit, 119 

ROM monitor, 117-118 
router, 243 
router igrp, 254-255 
router rip, 245-246 
rtmp, 299 
RXBoot mode, 118 
searching for, 121-123 
service password-encryption, 
120, 142 
setup, 165 
Setup mode, 118 
show access-lists, 334, 346 
show appletalk access-lists, 353 
show appletalk arp, 305 
show appletalk globals, 305 
show appletalk interface, 
304-305 

show appletalk route, 305 
show appletalk zone, 305 
show cdp entry, 180-181 
show cdp interface, 177 
show cdp neighbors, 179-180 
show configuration, 150 
show controllers serial 
command, 147 
show decnet interface, 440 
show decnet route, 440 
show decnet traffic, 440 
show flash, 159-160 
show frame-relay lmi, 409 
show frame-relay map, 409 
show frame-relay pvc, 409 
show history, 124 
show hosts, 225-226 
show interfaces, 128-129, 
143-144, 146, 374, 395 
show interfaces serial, 144-145, 
408 

show ip interface, 223, 257, 
333-334 

show ip protocols, 247, 256 
show ip route, 247, 257-258 
show ipx interface, 279-280, 
346 

show ipx route, 280-281 
show ipx servers, 282 
show ipx traffic, 282-283 
show protocols, 130 
show running-config, 128, 150, 
334 

show startup-config, 128, 334 
show version, 127, 155, 157 
show x25 map, 395 
show x25 vc, 395-396 
shutdown, 148 
telnet, 226 
Term ip, 223 

term ip netmask-format, 223 
terminal history size, 124 
terminal no editing, 123 
trace, 226, 229-230 
tunnel destination, 472 
tunnel source serial, 472 
user EXEC 
exec-timeout, 119 
logout, 119 
no exec-timeout, 119 
vines access-list, 318 
write case, 151 
write memory, 153 
write network, 153 
write terminal, 128 
x25 address, 387, 393 
x25 ips/ops, 393 
x25 map, 384, 387 
x25 modulo, 392 
x25 route, 394 
x25 win, 391 


x25 win/wout, 393 
x25 wout, 391 
see also individual modes 
committed bursts, 402 
Committed Information Rate 
(CIR), 402 

communication (OSI model session 
layer), 28-29 
composite metric (IGRP), 
251-252, 254-255 
compression (PPP), 368 
computing 

centralized, 3-4 
PC networks, 4-6 
concentrators (LANs), 10 
config-register command, 156 
configuration commands (IP 
addresses), 223-224 
configuration files, 133 
loading, 134 

Release 10.0, 135 
TFTP servers, 135-136, 153 
setup mode, 165-169 
startup, 115, 128 
system images 

backups, 158-159, 161 
boot system commands, 
157-158 

Configuration Register value, 
155-157 

locating, 153, 155 
overwriting, 164-165 
upgrading, 162-163 
troubleshooting 
Release 10.0, 151 
Release 10.3, 150 
Configuration Register value, 
155-157 
configurations 
access lists, 317 

extended IP, 328-331 
extended IPX, 340-341 
named IP, 331-332 
standard IP, 324-326 
standard IPX, 338-339 
AppleTalk, 298-301 
verifying, 304-305 
AutoInstall, 449-452 
Banyan VINES, 444-446 


CDP (Cisco Discovery Protocol), 
178-179 

DDR (dial-on-demand routing), 
312-313 

DECnet (Digital Equipment 
Corporation), 435-438 
default routers, 239 
Frame Relay, 405, 407-408 
AppleTalk, 467-468 
hub-and-spoke, 410 
IPX, 468-470 
subinterfaces, 413-417 
switching, 470, 472 
IGRP (Internet Gateway Routing 
Protocol), 249-250 
composite metric, 251-255 
flash updates, 250 
holddown timers, 250-251 
poison reverse updates, 250 
split horizons, 251 
IP (Internet Protocol) 
addresses, verification, 
226-227 

dynamic routing, 243-244 
IPX (Internetwork Packet 
Exchange) 

local configuration functions, 
277-278 

showing information, 
279-283 
verifying, 278 

PPP (Point-to-Point Protocol) 
authentication, 369, 372-373 
LCP (Link Control Protocol), 
368-369 
verifying, 374 
RIP (Routing Information 
Protocol), 244 
commands, 245-246 
load balancing, 244-245 
showing information, 
247-248 

routers, 112-114, 133 

global configuration mode, 
136-138 

identification, 138-140 
interfaces, 142-145, 148 
passwords, 140-142 
saving, 152-153 
setup mode, 165-169 
verifying, 149-151 
SAP IPX access lists, 343-344 
static routing, 237-238 
X.25, 385-389, 392-393 
addresses, 387 
encapsulation, 386-387 
map, 387 

showing information, 395 
size, 390-391 
switching, 393-394 
VCs (virtual circuits), 
389-390 

window parameters, 391-392 
configure command, 117, 134 
configure memory command, 135 
configure network command, 135 
configure overwrite command, 135 

configure terminal command, 
134-135, 156 

congestion (transport layer), 32-33 
connection-oriented sessions 
(transport layer), 31-32, 34 
connections (LAN Ethernet), 

53-55 

connectivity (internetworks), 13 
console terminals, configuring 
routers, 112 

Consultative Committee for 
International Telegraph and 
Telephone, see CCITT 
standards 

context-sensitive help, 123 
continue command, 118 
controller mode, 137 
convergence 

balanced hybrid routing, 105 
link-state routing, 100 
troubleshooting, 242 
converting 

frames into bits, 20 
numerations, 453-459 
copy flash command, 161 
copy running-config startup-config 
command, 128, 152, 154, 158 
copy running-config tftp command, 
152 

copy startup-config running-config 
command, 135 

copy tftp running-config command, 
134-135 
copy tftp startup-config command, 
135 
cost, 86 

counting to infinity (distance vector 
routing), 92-98 
CPE (Customer Premises 
Equipment), 361 

CRC (cyclical redundancy check), 

CSMA/CD (Carrier Sense Multiple 
Access with Collision 
Detection), 49, 54 
CSU/DSU (channel service 

unit/data service unit), 66, 363 
cud parameter (x25 route 
command), 394 

custom queuing (access lists), 312 
cyclical redundancy check (CRC), 
52 

D 

D class IP addresses, 76, 209, 
211-212 

DACs (dual-attached 
concentrators), 62 
DAS (dual attachment station), 62 
data circuit-terminating 
equipment, see DCE 
Data field (TCP), 192 
data link layer (OSI model), 16, 
39-40 

encapsulation, 20 
LLC (logical link control), 41-42 
MAC (media access control), 
41-46 

WANs (wide-area networks), 
67-68 

Data Network Identification Code 
(DNIC), 380 

data switching equipment, see DSE 
data terminal equipment, see DTE 
databases (SQL), 29 
datagrams (packets), 17 
encapsulation, 20 
IP (Internet Protocol), 199-200 


TCP/IP (Transmission Control 
Protocol/Internet Protocol) 
189 

transport layer 

(connection-oriented 
sessions), 32-33 
Data-Link Connection Identifier 
(DLCI), 400-401 
DCE (data circuit-terminating 
equipment) 

Frame Relay, 399 
interface configurations, 147 
WANs (wide-area networks), 66 

363 

X.25, 379-380 
dce-terminal-timing enable 
command, 146 

DDR (dial-on-demand routing), 83 
access lists, 312-313 
WANs (wide-area networks), 

364 

DE (Discard Eligibility) Indicator, 
403 

debug apple errors command, 306 
debug apple events command, 305 
debug apple routing command, 
306-307 

debug command, 117 
debug decnet routing command, 

440 

debug ip igrp events command, 258 
debug ip igrp transaction 
command, 257 
debug ip rip command, 248 
debug ipx routing activity 
command, 283 

debug ipx sap command, 284-285 
decimal numeration 

binary conversions, 453-459 
hexadecimal conversions, 

453-459 

DECnet (Digital Equipment 
Corporation), 431-432 
access lists, 318, 438-440 
configuring, 435-438 
DNA SCP (Digital Network 
Architecture Session 
Control Protocol), 29 
DRs (designated routers), 

434-435 
Level 1, 435 
Level 2, 435 
nodes, 433-434 
updates, 434 
verifying, 440 

decnet access-group command, 439 
decnet cost command, 438 
decnet node-type command, 437 
decnet routing command, 437 
dedicated point-to-point 
connections, 64 

default routing, 83-84, 235, 239 
default-metric command, 254 
delay, 86, 252 

delivering packets (ICMP tests), 
201-203 

demarcation (WANs), 361 
deny statements (access lists), 
315-317 

extended access lists 
FTP traffic, 329-330 
Telnet, 330-331 
implicit, 316 
specific hosts, 325-326 
specific subnets, 326-327 
standard IP access lists, 324 
Department of Defense (DoD), 
14-15 

descriptions, configuring routers, 
140 

designing networks, 13 
Destination IP Addresses field (IP 
datagrams), 200 

destination parameter (access-list 
command), 328 

destination physical address fields 
(LANs), 51 

Destination Port field (TCP), 191 
Destination Service Access Point 
(DSAP), 52 

destination-mask parameter 

(access-list command), 328 
destination-network parameter 
(access-list command), 338 
destination-node parameter 

(access-list command), 339 
destination-node-mask parameter 
(access-list command), 339 


destinations (IP routing), 235 
destination-socket parameter 
(access-list command), 341 
devices 

CDP (Cisco Discovery Protocol), 
180-181 

LANs (local-area networks), 10 
routes, 233-234 
subnet masks, 215 
WANs (wide-area networks), 12 
dialer groups (access lists), 313 
dial-on-demand routing (DDR), 83 
Digital Network Architecture 
Session Control Protocol 
(DNA SCP), 29 
directed broadcasts, 221-222 
disable command, 119 
disabling 

CDP (Cisco Discovery Protocol), 
177 

interfaces, 148 
IP routing, 235 

Discard Eligibility (DE) Indicator, 
403 
discovery 

AppleTalk, 302-304 
CDP (Cisco Discovery Protocol), 
176 

disabling, 177 
local routers, 177-178 
neighbors, 179-181 
parameters, 178-179 
showing information, 
177-178 

link-state routing, 98-99 
distance vector routing, 87-89 
changing topologies, 90-91 
discovery, 89-90 
loops, 91-98 

distance vector routing protocols 

IGRP, see IGRP 
RIP, see RIP 

DLCI (Data-Link Connection 
Identifier), 400-401, 405 
dlci parameter (frame-relay map 
command), 407 
DNA SCP (Digital Network 

Architecture Session Control 
Protocol), 29 


DNIC (Data Network 

Identification Code), 380 
DNS (Domain Name System), 
224-225 

DoD (Department of Defense), 
14-15 

dotted-decimal notation (IP 
addresses), 208 

DRAM, configuring routers, 113 
DRs (Dedicated Routers), 434-435 
DSAP (Destination Service Access 
Point), 52 

DSE (data switching equipment), 
363-364 

DTE (data terminal equipment) 
Frame Relay, 399 
interface configurations, 147 
WANs (wide-area networks), 

66, 363 

X.25, 379-380 

dual attachment station (DAS), 62 
dual ring FDDI (Fiber Distributed 
Data Interface), 63-64 
dual-attached concentrators 
(DACs), 62 

dumb terminals, 3-4, 377 
dynamic routing, 82-85, 235, 
243-244 


E 

E class IP addresses, 209, 211-212 
early token release (ETR), 59 
echo reply (ICMP tests), 202 
EDI (electronic data interchange), 
26 

editing commands, 123-124 
EIA (Electronic Industries 
Association), 41, 65 
eigrp command, 299 
electronic data interchange (EDI), 
26 

Electronic Industries Association 
(EIA), 41 

e-mail protocols, 26 

enable password command, 140 

enable secret command, 141 










encapsulation 

CDP (Cisco Discovery Protocol), 
176 

OSI model, 18-20 
X.25, 382, 386-387 
encapsulation frame-relay 
command, 406, 467-469 
encapsulation novell-ether 
command, 278 

encapsulation sap command, 278 
encapsulation x25 command, 386 
encapsulations 
IPX (Internetwork Packet 
Exchange), 268-270 
keywords, 270 

encryption (passwords), 120, 142 
end-to-end transport, 29 
enhanced editing mode, 123-124 
enterprise networks, 12-13 
entries (CDP), 180-181 
eq parameter (access-list 
command), 330 
erase command, 150 
erase startup-config command, 150 

error detection 

LAN Token Ring, 60-61 
PPP (Point-to-Point Protocol), 
368 

established keyword (access-list 
command), 328 
Ethernet 

Gigabit (1000BaseX), 55 
interfaces, 142 
IPX (Internetwork Packet 
Exchange), 268 

LANs (local-area networks), 10 
46 

broadcasts, 50 
frames, 50-52 

high speed connections, 53-55 
interfaces, 48 
multicasts, 50 

transmission collisions, 52-53 
transmissions, 49 
wiring, 47-48 

ETR (early token release), 59 
excess bursts, 402 
exclamation points (!), 153, 163 


EXEC mode 
commands 
show protocols, 130 
show running-config, 128 
show startup-config, 128 
privileged, see privileged EXEC 
mode 

user, see user EXEC mode 
exec-timeout command, 119 
exit command, 119, 138 
expectational acknowledgment 
system (OSI model transport 
layer), 35 

extended access lists, 313-314, 
317-318 

IP (Internet Protocol), 327-331 
IPX (Internetwork Packet 
Exchange), 336, 340-341 
extended addresses (AppleTalk), 
293 

extended networks (AppleTalk), 
292 

extended ping command, 228 
exterior routing protocols, 
240-243 

F 

FCS (frame check sequence) field, 
51-52 

FDDI (Fiber Distributed Data 
Interface), 41, 61-62 
dual ring, 63-64 
interfaces, 63 
physical layer, 62-63 
see also Token Ring 
FECN (Forward Explicit 

Congestion Notification), 403 

fields 

Configuration Register, 156-157 
IP datagrams, 199 
LAN Ethernet, 51-52 
LLC (logical link control), 52 
TCP (Transmission Control 
Protocol), 191 

filename (software image), 160 
files (configuration), 133 
backups, 158-159, 161 
boot system commands, 

157-158 


Configuration Register value, 
155-157 

loading, 134-136, 153 
locating, 153, 155 
startup, 115 

troubleshooting, 150-151 
filters 

access lists, see access lists 
AppleTalk zones, 351 
finding AppleTalk services, 297 
first octet rule (IP addresses), 
211-212 

Flags field (IP datagrams), 199 
Flash Memory 
boot system commands, 
157-158 

configuring routers, 113 
showing information, 159-160 
software images 

backing up, 158-159 
locating, 155 
flash updates (IGRP), 250 
flooding 

broadcasts, 221-222 
link-state routing, 101 
NetWare IPX packets, 265 
flow control (transport layer), 
32-33, 36 

formatting (presentation layer), 27 
Forward Explicit Congestion 
Notification (FECN), 403 
FR (Frame Relay switch), 400-401 
Frag Offset field (IP datagrams), 
199 

frame check sequence (FCS) field, 
51 

Frame Relay, 68, 399, 404-405 
AppleTalk configuration, 
467-468 

BECN (Backward Explicit 
Congestion Notification), 
403 

CIR (Committed Information 
Rate), 402 

committed bursts, 402 
configuring, 405, 407-408 
DE (Discard Eligibility) 

Indicator, 403 

DLCI (Data-Link Connection 
Identifier), 400-401 
excess bursts, 402 
FECN (Forward Explicit 
Congestion Notification), 
403 

full-mesh topologies, 410 
IPX configuration, 468-470 
LMI (Local Management 
Interface), 401-402 
local access rates, 400 
oversubscription, 402 
partial-mesh topologies, 410 
reachability, 410-411 

star topologies, 410 
subinterfaces, 411-412 
configuring, 413-414 
multipoint, 414-415 

point-to-point, 416-417 
switching, 470, 472 
VCs (virtual circuits), 399-400 
verifying, 408 

WANs (wide-area networks), 

360 

Frame Relay (FR) switch, 400-401 
Frame Relay Forum World Wide 
Web page, 400 
frame-relay interface-dlci 
command, 469-470 
frame-relay intf-type dce 
command, 472 

frame-relay inverse-arp command, 
407 

frame-relay lmi-type command, 
406 

frame-relay map appletalk 
command, 467-468 
frame-relay map command, 407 
frames 

converting into bits, 20 
encapsulation (OSI model), 18 
Ethernet, 50-52 
IPX (Internetwork Packet 
Exchange), 268-270 
LANs (local-area networks), 
50-52 

Token Ring, 60 
WANs (wide-area networks), 
364-366 

FTP (file transfer protocol), 

extended access lists, 329-330 
full-mesh topologies (Frame 
Relay), 410 


G 

gateway of last resort, 237 
Get Nearest Server (GNS), 266 
GetZoneList (GZL) packets, 351 
giant packets, 51 

Gigabit Ethernet (1000BaseX), 55 
global configuration mode, 
136-138 
commands, 118 
cdp holdtime, 179 
configure terminal, 134 
copy startup-config 

running-config, 135 
copy tftp running-config, 134 
copy tftp startup-config, 135 
ip default-network 

network-number, 239 
ip host, 224 
ip route, 237 
descriptions, 140 
interfaces, 142-145, 148 
IPX (Internetwork Packet 
Exchange), 275-276 
loading configurations, 134 
Release 10.0, 135 
TFTP servers, 135-136 
message-of-the-day banners, 139-140

naming routers, 138-140 
passwords, 140-142 
global internetworks, 7-9 
enterprise networks, 12-13 
LANs (local-area networks), 9-10
WANs (wide-area networks), 10-12

global parameters, configuring, 
166 

global router configuration mode 
(access lists), 319 
GNS (Get Nearest Server), 266, 
273-274 

graphics, formatting, 27 
GZL (GetZoneList) packets, 351 


H 

handshakes 

TCP (Transmission Control 
Protocol), 194-195 
transport layer (OSI model), 32 


hardware addresses, 43, 45 
HDLC (High-Level Data Link 
Control), 67, 364-366 
Header Checksum field (IP 
datagrams), 200 

Header length field, see HLEN field 
headers 

LLC (logical link control), 52 
OSI model, 18 

hello messages (Banyan VINES), 

443 

Hello protocol (DECnet), 434 
hexadecimal numeration 

binary conversions, 453-459 
decimal conversions, 453-459 
High-Level Data Link Control 
(HDLC), 67, 364-366 
history (command use), 124-125 
HLEN field 

IP datagrams, 199 
TCP (Transmission Control 
Protocol), 192 
hold-down timers 

distance vector routing, 94 
IGRP (Internet Gateway Routing 
Protocol), 250-251 
holdtime (CDP), 177-178, 180 
hop counts, 86 

IPX (Internetwork Packet 
Exchange), 270 

maximums (counting to infinity), 
92 

RIP (Routing Information 
Protocol), 244, 270 
RTMP (Routing Table 

Maintenance Protocol), 291 
host (wildcard mask abbreviation),
323 

host configuration files, 136 
host IP addresses, 212-213 
host name parameters, configuring, 
166 

host name-to-address mapping, 
224 
hosts 

IP addresses, 224-226 
network layer addresses, 74-75 
subnet masks, 219 






HTML (Hypertext Markup
Language), 27

hub-and-spoke configuration
(Frame Relay), 410
hubs

Frame Relay, 410
LANs (local-area networks), 10
MSAU (multistation access unit),
56

hybrid routing, 104
Hyperterm (remote router access),
116

Hypertext Markup Language
(HTML), 27


I-J-K

IANA (Internet Assigned Numbers
Authority), 209

ICMP (Internet Control Message
Protocol), 200-203

identification (router
configuration), 138-140
Identification field (IP datagrams), 199

identifying access lists, 317-318

idle banner, configuring routers, 140

IDs (nodes), 294

IEEE

Ethernet (802.3), 46
broadcasts, 50

frames, 50-52

Gigabit Ethernet (802.3z), 55

high speed connections, 53-55
interfaces, 48

multicasts, 50

transmission collisions, 52-53
transmissions, 49
wiring, 47-48

LAN (local-area network), 40-41

Token Ring (802.5), 55-56 
active monitor, 60 
error detection, 60-61 
interfaces, 57 
physical layer, 56 
priority system, 59 
transmissions, 58-59 
IETF standards (WANs), 65 


IGRP (Interior Gateway Routing 
Protocol), 240 
configuring, 249-250 
composite metric, 251-255 
flash updates, 250 
hold-down timers, 250-251 
poison reverse updates, 250 
split horizons, 251 
showing information, 256 
images (software) 

showing information, 159-160 
startup, 114-115 

backups, 158-159, 161 
boot system, 157-158 
Configuration Register value, 
155-157 

locating, 153, 155 
overwriting, 164-165 
setup mode, 165-169 
showing, 128 
upgrading, 162-163 
implicit deny statements (access 
lists), 316 

individual lines (passwords), 120 
initial sequence numbers (TCP), 
194 

input SAP filter (IPX access lists), 
273, 343-346 
Integrated Services Digital 
Network (ISDN), 68 
interface command, 142, 276 
interface configuration mode, 137, 

276-277 

interface ethernet command, 278, 
300-301 

interface serial command, 278 
interfaces 

AppleTalk, showing 

information, 304-305 
CDP (Cisco Discovery Protocol), 
177-178 
configuring, 114 
disabling, 148 

FDDI (Fiber Distributed Data 
Interface), 63 

Frame Relay subinterfaces, 
411-417 

IP access lists, showing 
information, 333-334 


IPX, showing information, 
279-280 

LANs (local-area networks) 
Ethernet, 48 
Token Ring, 57 
parameters, configuring, 
167-168 

PPP (Point-to-Point Protocol), 
366 

router configuration, 142-145, 
148 

showing, 128 
statistics, 129 

user interface command history,
124-125 

WANs (wide-area networks), 12 
Interior Gateway Routing Protocol 
(IGRP), 240 

interior routing protocols, 
240-243 
Intermediate 

System-to-Intermediate 
System, see IS-IS 
internal subnet masks, 217 
International Organization for 
Standardization (ISO), 65 
OSI reference model, see OSI 
reference model 

WANs (wide-area networks), 65 
International Telecommunications 
Union (ITU), 41, 65 
Internet Assigned Numbers 
Authority (IANA), 209 
Internet Control Message Protocol, 
see ICMP 

Internet Engineering Task Force, 
see IETF 

Internet Gateway Routing 
Protocol, see IGRP 
Internet layer (TCP/IP), 198 
ARP (Address Resolution 
Protocol), 203 

ICMP (Internet Control Message 
Protocol), 200-201, 203 
IP datagrams, 199-200 
RARP (Reverse Address 

Resolution Protocol), 203 
internetworks, 6-7 
designing, 13 

enterprise networks, 12-13
global, 7-9

LANs (local-area networks), 9-10

OSI model (layered), 14-15 
application layer, 15, 25-27 
data link layer, 16, 39-40
encapsulation, 18-20 
headers, 18 

network layer, see network 
layer 

peer layer protocols, 17 
physical layer, 16, 40 
presentation layer, 15-16, 
27-28 

session layer, 16, 28-29 
transport layer, see transport 
layer 
packets, 17 

PDUs (protocol data units), 17 
routing, see routing 
WANs (wide-area networks), 
10-12 

InterNIC (Network Information 
Center), 240 

Interprocess Communications 
Protocol (IPC), 442 
Inverse ARP (Frame Relay), 407 
IP (Internet Protocol) 
access lists, 318-320 
extended, 327-331 
named, 331-332 
placement of, 333 
showing information, 
333-334 

standard, 324-326 
verifying, 333-334 
wildcard masks, 320-323 
addresses, 207 

broadcasts, 221-222 
classes, 209-211 
configuration commands, 
223-224 

configuration verification, 
226-227 

DNS name services, 224-225 
dotted-decimal notation, 208 
first octet rule, 211-212 
host names, 224-226 
hosts, 212-213 
octets, 208 


RARP (Reverse Address 
Resolution Protocol), 

203 
size, 208 

subnet masks, 213-221 
subnets, 214-215 
versions, 209 
without subnets, 213-214 
Banyan VINES, 442 
datagrams, 199-200 
routing, 233-234 

administrative distances, 
235-236 

autonomous systems, 

239-240 

default routers, 239 
destinations, 235 
disabling, 235 
dynamic, 243-244 
exterior, 240-243 
IGRP, see IGRP 
interior, 240-243 
RIP, see RIP 
static routes, 237-238 
ip access-group command, 
324-325, 328 
ip address command, 223 
ip command, 223 
ip default-network 

network-number command, 
239 

ip domain-lookup command, 225 
ip host command, 224 
ip name-server command, 224 
ip netmask-format command, 
223-224 

ip route command, 237 
ip unnumbered command, 417

IPC (Interprocess Communications 
Protocol), 442 
IPng, 209 
IPv6, 209 

IPX (Internetwork Packet 
Exchange), 263-265 
access lists, 334-337 
bandwidth, 337 
extended, 336, 340-341 
SAP, 336-337, 341-346 
showing information, 346 
standard, 336, 338-340 
verifying, 346 


addresses, 77, 267-268 
encapsulations, 268-270 
Frame Relay configuration, 
468-470 

global configuration commands, 
275-276 

GNS (Get Nearest Server), 

273-274 

interface configuration 
commands, 276-277 
local configuration functions, 277-278

RIP (Routing Information
Protocol), 270-272
SAP advertisements, 272-273
SPX (Sequenced Packet
Exchange), 6

troubleshooting, 283-285
verifying configurations, 278-283

ipx access-group 800 out 
command, 340 
ipx delay command, 279 
ipx input-sap-filter command, 279,
344, 346 

ipx maximum-paths command, 

278 

ipx network 4a encapsulation sap 
command, 278 

ipx network command, 276-279, 
469 

ipx output-sap-filter command, 

279, 345 

ipx output-sap-filter commands, 

344 

ipx route-cache command, 280 
ipx router-sap-filter command, 280 

ipx routing command, 278 
IPX-router mode, 138 
ISDN (Integrated Services Digital 
Network), 68 
IS-IS (Intermediate 

System-to-Intermediate 

System), 272 

ISNs (initial sequence numbers), 
194 

ISO (International Organization 
for Standardization), 65 
OSI reference model, see OSI 
reference model 

WANs (wide-area networks), 65 










ITU (International 

Telecommunications Union), 
41, 65

keystroke shortcuts, editing, 
123-124 
keywords 

access-list command, 324, 328 
encapsulations, 270 


LANs (local-area networks), 5-6, 
9-10 

designing, 13 
Ethernet, 46 
broadcasts, 50 
frames, 50-52 

high speed connections, 53-55 
interfaces, 48 
multicasts, 50 

transmission collisions, 52-53 
transmissions, 49 
wiring, 47-48 

FDDI (Fiber Distributed Data 
Interface), 61-62 
dual ring, 63-64 
interfaces, 63 
physical layer, 62-63 
internetworks, 6-7 
global, 7-9 
routing, see routing 
LAN-to-LAN routing, 105-106 
LAN-to-WAN routing, 106-107 
LLC (logical link control), 41-42 
MAC (media access control), 
41-46 

standards, 40-41 
Token Ring, 55-56 
active monitor, 60 
error detection, 60-61 
interfaces, 57 
physical layer, 56 
priority system, 59 
transmissions, 58-59 
LAPB (Link Access Procedure, 
Balanced), 67 
X.25, 378-379, 382 


Layer 7 (OSI model), 15, 25-27, 
189-190 

layered networks (OSI model), 
14-15 

application layer, 15, 25-27 
data link layer, 16, 39-40 
encapsulation, 18-20 
headers, 18 
network layer, 16, 71 
addresses, 74-78 
changing topologies, 84 
default routing, 83-84 
distance vector routing, see 
distance vector routing 
dynamic routing, 82, 84-85 
LAN-to-LAN routing, 105-106
LAN-to-WAN routing, 106-107

link-state routing, see 
link-state routing 
metrics, 86-87 
multiprotocol routing, 81 
paths, 72-73 
protocols, 79-80 
static routing, 82-83 
packets, 17 

PDUs (protocol data units), 17 
peer layer protocols, 17 
physical layer, 16, 40 
presentation layer, 15-16, 27-28
session layer, 16, 28-29 
transport layer, 16, 29-30 
acknowledgments, 35 
connection-oriented sessions, 
31-32, 34 
multiplexing, 30-31 
port numbers, 31 
retransmissions, 35-36 
layering, 14 

LCP (Link Control Protocol), 
366-369 

Level 1 DECnet (Digital Equipment 
Corporation), 435 
Level 2 DECnet (Digital Equipment 
Corporation), 435 
line console 0 command, 140 
line mode, 137 
line vty 0 4 command, 140 
linear bus networks, 49 


lines (serial), configuring, 145-146 
Link Access Procedure Balanced 
(LAPB), 67, 378 

Link Control Protocol (LCP), 366 
link-layer addresses, 43 
link-state packets (LSPs), 98 
link-state routing, 87, 98 
changing topologies, 100 
discovery, 98-99 
distance vector routing 
comparisons, 103-104 
LSPs (link-state packets), 98 
NLSP (NetWare Link Services 
Protocol), 264 
requirements, 101 
troubleshooting, 103 
updates, 101-102 
LLC (logical link control), 41-42, 
52, 366 

LMI (Local Management 
Interface), 401-402 
load, 86 

load balancing, 244 

IGRP (Interior Gateway Routing 
Protocol), 253-254 
RIP (Routing Information 
Protocol), 244-245 

loading 

configuration files, 134 
Release 10.0, 135 
TFTP servers, 135-136 
IGRP (Internet Gateway Routing 
Protocol), 252 

local access rates (Frame Relay), 
400 

local addresses (encapsulation), 20 
local ARP (Address Resolution 
Protocol), 203 
local loops (WANs), 362 
Local Management Interface 
(LMI), 401-402 
local routers 

CDP (Cisco Discovery Protocol), 
177-178 

X.25 switches, 394 
local-area networks, see LANs 
LocalTalk, 289 

locations (router configurations), 
112-114 


log parameter (access-list 
command), 341 
logging in (routing), 119 
logical addresses, 43, 45 
logical link control (LLC), 366 
logout command, 119 
looping (FDDI), 64 
loops 

distance vector routing, 91-98 
troubleshooting, 242 
WANs (wide-area networks), 

362 

LSPs (link-state packets), 98 
troubleshooting, 103 
updates, 101-102 

M 

MAC (media access control) 
addresses, 41-46 
ARP (Address Resolution 
Protocol), 203 
IPX (Internetwork Packet 
Exchange), 267 
network layer (OSI model), 74 
Token Ring, 57 
mainframes (networks), 6 
Management Information Base, see 
MIB 

managing internetworks, 13 
manufacturer identifications 
(vendor codes), 43-44 
masks 

IP addresses, 213-221 
wildcard (IP access lists), 
320-323 

maximum numbers (counting to 
infinity), 92 

maximum transmission units 
(MTUs), 87 

Measurement Interval Rate (MIR), 
402 

media (Token Ring priority 
system), 59 
memory 

configuring routers, 113-114 
Flash, see Flash Memory 
link-state routing requirements, 
101 


message-of-the-day banners, 
139-140 

metrics, 86-87, 240 
Banyan VINES, 442 
IGRP (Internet Gateway Routing 
Protocol), 249-255 
IPX RIP, 270 
RTMP (Routing Table 

Maintenance Protocol), 291 
MIB (Management Information 
Base), 176 

minicomputers (networks), 5 
MIR (Measurement Interval Rate), 
402 

models (OSI), see OSI reference 
model 
modems, 12 

modes (routing commands), 116 
configuration, 119 
enhanced editing, 123-124 
Global Configuration, 118, 
136-138 

privileged EXEC, 117 
ROM monitor, 117-118 
RXBoot, 118 
Setup, 118 

user EXEC, see user EXEC mode 
modulus parameter (x25 modulo 
command), 392 
monitors (Token Ring), 60 
MSAU (multistation access unit), 
56 

MTUs (maximum transmission 
units), 87, 252 

multiaccess switching (WANs), 64 
multicasts (LAN Ethernet), 50 
multilink PPP (Point-to-Point 
Protocol), 368 
multimedia, formatting, 27 
multiplexers 

transport layer (OSI model), 
30-31 

WANs (wide-area networks), 12 
multipoint connections 
Frame Relay, 414-415
WANs (wide-area networks), 64 
multiprotocol routing, 81 
multistation access unit (MSAU), 
56 


N 

Name Binding Protocol (NBP), 
290, 296 

named access lists (IP), 331-332 
names 

hosts (IP), 224 

Novell encapsulations, 269-270 
routers, 138-140 
NAUN (nearest active upstream 
neighbor), 56 
navigation (shortcut keys),
123-125 

NBP (Name Binding Protocol), 
290, 296 

NCP (NetWare Core Protocol), 
264 

NCPs (Network Control 
Programs), 366 

NDS (Novell Directory Service), 
264 

nearest active upstream neighbor 
(NAUN), 56 
neighbors 

CDP (Cisco Discovery Protocol), 
179-181 

link-state routing, discovery, 99 
notification, 99 
NetBIOS (Network Basic 
Input/Output System) 
emulation, 265 
NetWare (Novell), 263-266 
GNS (Get Nearest Server), 
273-274 

IPX (Internetwork Packet 
Exchange), 264-265 
addresses, 267-268 
encapsulations, 268-270 
NCP (NetWare Core Protocol), 
264 

NLSP (NetWare Link Services 
Protocol), 264 
RIP (Routing Information 
Protocol), 270-272 
SAP advertisements, 272-273 
network command, 244-246 
Network Control Programs 
(NCPs), 366 

Network File System (NFS), 15 
Network Information Center 
(InterNIC), 240
network layer (OSI model), 16, 71
addresses, 74-78
paths, 72-73
protocols, 79-81
routing

changing topologies, 84
default, 83-84

distance vector, see distance
vector routing

dynamic, 82, 84-85
link-state, see link-state
routing

metrics, 86-87
static, 82-83
network numbers
Banyan VINES, 442-443
IPX (Internetwork Packet
Exchange) addresses, 267

see also subnets 
network parameter (access-list 
command), 344 

network terminal number (NTN), 
381 

network-layer addresses, 43 
network-mask node-mask
parameter (access-list 
command), 344 
networks 
addresses, 20, 45 
AppleTalk, 291-292 
centralized processing, 3-4 
configuration files, 136 
designing, 13 

enterprise networks, 12-13 
internetworks, 6-7 
global, 7-9 
IPX, see IPX 
routing, see routing 
LANs (local-area networks), 

5-6, 9-10 
Ethernet, 46-55 
FDDI (Fiber Distributed Data 
Interface), 61-64 
interfaces, 57 
LLC (logical link control), 
41-42 

MAC (media access control), 
41-46


mainframes, 6 
OSI model (layered), 14-15 
application layer, 15, 25-27 
data link layer, 16, 39-40 
encapsulation, 18-20 
headers, 18 

network layer, see network 
layer 

peer layer protocols, 17 
physical layer, 16, 40 
presentation layer, 15-16,
27-28 

session layer, 16, 28-29 
transport layer, see transport 
layer

packets, 17 

PCs (Personal Computers), 4-6 
PDUs (protocol data units), 17 
routers, configuring, 112 
stub, 82, 238 
TCP/IP, see TCP/IP 
transit, 238 

WANs (wide-area networks), 5, 
10-12, 64-65, 359 
call setup process, 359-360 
clouds, 359 
data link layer, 67-68
Frame Relay, 360 
frames, 364-366 
physical layer, 66 
PPP, see PPP 

service provider connections, 
360-364 
services, 364 
standards, 65 
TDM (time-division 
multiplexing), 360 
X.25, 360 

next hops (default routing), 83 
NFS (Network File System), 15 
NLSP (NetWare Link Services 
Protocol), 264, 272 
no access-group command, 325 
no access-list command, 325 
no cdp enable command, 177 
no cdp run command, 177 
no clock rate command, 146 


no debug ip igrp transaction 
command, 258 

no debug ip rip command, 248 
no exec-timeout command, 119 
no ip domain-lookup command, 
225 

no shutdown command, 148 
node numbers 
AppleTalk, 292 
IPX (Internetwork Packet 
Exchange), 267 
nodes, 264 

DECnet (Digital Equipment 
Corporation), 433-434 
ID, 294 
zones, 297 

nonextended networks 
(AppleTalk), 291-292 
nonvolatile RAM, see NVRAM 
Novell 

IPX, see IPX, 263 
NetWare, 263-266 
see also NetWare 
Novell Directory Service (NDS), 
264 

NTN (network terminal number), 
381 
numbers 

conversions, 453-459 
interfaces, 142 
NVRAM (nonvolatile RAM) 
configuration files (startup), 115 
configuring routers, 113 
system image (startup), 115 


O

octets 

IP addresses, 208, 211-212 
wildcard masks, 322 
Open System Interconnection 
model, see OSI model 
operand parameter (access-list 
command), 328 
operator parameter (access-list 
command), 328 


standards, 40-41 
Token Ring, 55-61 


Options field

IP datagrams, 200 
TCP (Transmission Control 
Protocol), 192 

options parameter (x.25 map 
command), 387 

Organizational Unique Identifier 
(OUI), 43 

OSI (Open System Interconnection) 
model, 14-15, 378 
application layer, 15, 25-27 
data link layer, 16, 39-40
LLC (logical link control),
41-42

MAC (media access control), 41-46

WANs (wide-area networks), 
67-68 

encapsulation, 18-20 
headers, 18 
network layer, 16, 71 
addresses, 74-78 
changing topologies, 84 
default routing, 83-84 
distance vector routing, see 
distance vector routing 
dynamic routing, 82, 84-85
LAN-to-LAN routing, 105-106
LAN-to-WAN routing, 106-107

link-state routing, see 
link-state routing 
metrics, 86-87 
multiprotocol routing, 81 
paths, 72-73 
protocols, 79-80 
static routing, 82-83 
packets, 17 

PDUs (protocol data units), 17 
peer layer protocols, 17 
physical layer, 16, 40 

FDDI (Fiber Distributed Data 
Interface), 62-63 
Token Ring, 56 
WANs (wide-area networks), 
66 

presentation layer, 15-16, 27-28 
session layer, 16, 28-29 


transport layer, 16, 29-30 
acknowledgments, 35 
connection-oriented sessions, 
31-32, 34 
multiplexing, 30-31 
port numbers, 31 
retransmissions, 35-36 
OUI (Organizational Unique 
Identifier), 43 

output SAP filter (IPX access lists), 
273, 343-345 
oversubscription, 402 
overwriting software images, 
164-165 


P-Q 

packaging data (encapsulation), 20 
packet assembler/disassembler 

(PAD), 379 

packet level protocol (PLP), 379 
packets (datagrams), 17 
encapsulation, 20 
giant, 51 

network layer, see network layer 

relaying, 78 

routed protocols, 79

runts, 51 

switching, 78 

TCP/IP (Transmission Control 
Protocol/Internet Protocol), 
189 

transport layer 

(connection-oriented 
sessions), 32-33 
undeliverable (ICMP tests), 201,
203 

X.25, see X.25 
see also access lists 
PAD (packet 

assembler/disassembler), 379 
PAP (Password Authentication 
Protocol), 368-370 
parameters 

access-list command, 324-325, 
328 

CDP (Cisco Discovery Protocol), 
178-179 
configuring, 166 


frame-relay map command, 407 
interfaces, configuring, 167-168 
ip route command, 237 
x.25 map command, 387 
x25 route command, 394 
partial-mesh topologies (Frame 
Relay), 410 

Password Authentication Protocol 
(PAP), 368-370 
passwords 

configuring, 166 
encryption, 142 
recovery, 461-465 
router configuration, 140-142 
startup, 119-121 
paths 

distance vector routing, 
discovery, 89-90 
IGRP (Internet Gateway Routing 
Protocol), 249 
network layer (OSI model), 72-73

payload-compress 

packet-by-packet parameter 
(frame-relay map command), 
407 

PCs (networks), 4-6 
PDNs (public data networks),
379-380, 392 

PDUs (protocol data units), 17 
peer layer protocols (OSI model), 

17 

performance (internetworks), 13 
permanent virtual circuits (PVCs), 
382-383, 389 

permit parameter (access-list 
command), 325 
permit statements (access lists), 
315-317 

extended FTP, 330 
standard IP, 324 
source network, 324-325 
PHY sublayer (physical layer 
protocol), 62 
physical addresses, 43 
physical interfaces, 366 
physical layer (OSI model), 16, 40 
FDDI (Fiber Distributed Data 
Interface), 62-63 
LANs (Token Ring), 56 
WANs (wide-area networks), 66


physical layer protocol (PHY) 
sublayer, 62 

physical medium dependent (PMD) 
sublayer, 62 

ping command, 202, 226-228 
ping IPX command, 264 
PLP (packet level protocol), 379
PMD (physical medium dependent) 
sublayer, 62 

point-to-point connections, 64 
Point-to-Point Protocol, see PPP 
point-to-point subinterfaces 
(Frame Relay), 416-417 
poison reverse 

distance vector routing, 93-94 
IGRP (Internet Gateway Routing
Protocol), 250 

ports 

CDP (Cisco Discovery Protocol), 
179 

configuring routers, 112, 114 
Frame Relay, 400 
TCP (Transmission Control 
Protocol), 193-194 
transport layer (OSI model), 31 
X.25 switches, 394 
position parameter (x25 route 
command), 394 
POST (power-on self-test), 114 
PPP (Point-to-Point Protocol), 68,
366

authentication, 369-373
layers, 367

LCP, configuring, 368-369
verifying, 374

WANs (wide-area networks), 364

preamble, 50-51
presentation layer (OSI model),
15-16, 27-28
priorities (Token Ring), 59
privileged EXEC mode
commands, 117, 122
configure, 134
configure terminal, 156
copy flash, 161
disable, 319
exit, 119
show history, 124


terminal history size, 124 
write memory, 153 
write network, 153 
passwords, 141, 120 
processing, centralized, 3-4 
programs 

NCPs (Network Control 
Programs), 366 
System Configuration Dialog, 
165-166 

protocol data units, see PDUs 
Protocol field (IP datagrams), 200 
protocol parameter 
access-list command, 328 
frame-relay map command, 407 
x.25 map command, 387 
protocol-address parameter 

(frame-relay map command), 
407 
protocols 

AppleTalk, 289-291 
access lists, 346-353 
addresses, 291-294 
Chooser, 296 
configuring, 298-301 
discovery, 302-304 
extended networks, 292 
nodes, 294-296 
nonextended networks, 
291-292 
services, 296-297 
troubleshooting, 306-307 
zones, 348 

ARP (Address Resolution 
Protocol), 203 
Banyan VINES, 441-442 
access lists, 446-447 
address assignment, 443 
configuring, 444-446 
hello messages, 443 
metrics, 442 

network numbers, 442-443 
sequence numbers, 442 
showing information, 447 
VIP (Internet Protocol), 442 
CDP (Cisco Discovery Protocol), 
175-176 
disabling, 177 
local routers, 177-178 


neighbors, 179-181 
parameters, 178-179 
showing information, 
177-178 

DECnet (Digital Equipment 
Corporation), 431-432 
access lists, 438-440 
configuring, 435-438 
DRs (designated routers), 
434-435 
Level 1, 435 
Level 2, 435 
nodes, 433-434 
updates, 434 
verifying, 440 
e-mail, 26 

Frame Relay, 399, 404-405
BECN (Backward Explicit 
Congestion 
Notification), 403 
CIR (Committed Information 
Rate), 402 

committed bursts, 402 
configuring, 405, 407-408 
DE (Discard Eligibility) 
Indicator, 403 

DLCI (Data-Link Connection 
Identifier), 400-401 
excess bursts, 402 
FECN (Forward Explicit 
Congestion 
Notification), 403 
full-mesh topologies, 410 
LMI (Local Management
Interface), 401-402
local access rates, 400
oversubscription, 402
partial-mesh topologies, 410
reachability, 410-411
star topologies, 410 
subinterfaces, 411-417 
VCs (virtual circuits), 

399-400 
verifying, 408 

ICMP (Internet Control Message 
Protocol), 200-201, 203 
Intermediate 

System-to-Intermediate 
System, see IS-IS 
IP, see IP 


IPX (Internetwork Packet 
Exchange), 263-265 
addressing, 267-268 
encapsulations, 268-270 
global configuration 

commands, 275-276 
GNS (Get Nearest Server), 
273-274 

interface configuration 
commands, 276-277 
local configuration functions, 
277-278 
RIP, 270-272 

SAP advertisements, 272-273 
showing information, 
279-281, 283
troubleshooting, 283-285 
verifying configurations, 278 
network layer (OSI model), 
79-80 

changing topologies, 84 
default routing, 83-84 
distance vector routing, 87-88 
dynamic routing, 82, 84-85 
LAN-to-LAN routing, 105-106
LAN-to-WAN routing, 106-107

link-state routing, see 
link-state routing 
metrics, 86-87 
multiprotocol routing, 81 
static routing, 82-83 
PDUs (protocol data units), 17 
peers, 17 

PPP (Point-to-Point Protocol), 
366 

authentication, 369-373 
layers, 367 

LCP (Link Control Protocol), 
368-369 
verifying, 374 
RARP (Reverse Address 

Resolution Protocol), 203 
routed, routing comparison, 79 
RTMP (Routing Table 

Maintenance Protocol), 291 
showing, 130 
SQL (Structured Query 
Language), 29 


TCP/IP (Transmission Control 
Protocol/Internet Protocol), 
187-189 

application layer, 189-190 
datagrams, 189 
Internet layer, 198-201, 203 
packets, 189 
transport layer, 190-198 
transport layer (OSI model), 31 
WANs (wide-area networks), 65 
X.25, 377-379 
addresses, 380-381 
configuring, 385-393 
DCE (data circuit-terminating 
equipment), 379-380 
DTE (data terminal 

equipment), 379-380 
encapsulation, 382 
showing information, 395 
switching, 393-394 
VCs (virtual circuits), 
382-385, 389-390 
ZIP (Zone Information Protocol) 
replies, 347, 352 
public data network (PDN), 
379-380 

PVCs (permanent virtual circuits), 
382-383, 389 
question marks (?), 117 
queuing (access lists), 312 

R 

RAM, configuring routers, 113 
RARP (Reverse Address Resolution 
Protocol), 203 
raw Ethernet (802.3), 268 
reachability (Frame Relay), 
410-411 

recovering passwords, 461-465
relaying packets, 78 
Release 10.0 

configuration files, loading, 135 
router configurations 
saving, 153 
verification, 150-151 
Release 10.3 router configurations 
saving, 152-153 
verification, 149-150 


reliability, 86, 252 
remote access routing, 116 
remote administration 

(AutoInstall), 449-452
Remote Procedure Call (RPC), 29 
requirements (link-state routing), 
101 

Reserved field (TCP), 192 
restrictions (passwords), 140-142 
retransmissions (OSI model 
transport layer), 35-36 
RFCs (Request for Comments), 
189, 244

RIP (Routing Information 
Protocol) 
configuring, 244 

commands, 245-246 
load balancing, 244-245 
showing information, 
247-248 

IPX (Internetwork Packet 

Exchange), 264, 270-272 
ROM monitor mode 
commands, 117-118 
configuring routers, 114, 155 
system images 
locating, 154 
startup, 115 
routed protocols 

Banyan VINES, configuring, 

444-446

routing protocols comparison, 
79 

router command, 243 

router igrp command, 254-255 

router mode, 138 

router rip command, 245-246 

router-map mode, 138 

routes, 233-234 

routing, 6 

AppleTalk, see AppleTalk 
balanced hybrid, 104 
command modes, see command 
modes
configurations, 112-114, 133
backups, 158-159, 161 
boot system, 157-158 
Configuration Register value, 
155-157 

global configuration mode, 
136-138 

identification, 138-140 
interfaces, 142-145, 148 
loading, 134-136 
locating, 153, 155 
passwords, 140-142 
Release 10.0, 150-153 
Release 10.3, 149-153 
setup mode, 165-169 
see also system images 
DDR (dial-on-demand), 83 
default, 83-84 
distance vector, 87-89 
changing topologies, 90-91 
discovery, 89-90 
link-state comparisons, 
103-104 
loops, 91-98 
dynamic, 82, 84-85 
IP, 233-234 
administrative distances,
235-236

autonomous systems, 239-240

default routers, 239
destinations, 235
disabling, 235
dynamic routing, 243-244
exterior routing protocols, 240-243
IGRP, see IGRP 


interior routing protocols, 
240-243 
RIP, see RIP 


static routes, 237-238 
IPX (Internetwork Packet 
Exchange), 283 
LANs (local-area networks), 
LAN-to-LAN, 105-106 
LAN-to-WAN, 106-107 
link-state, 87, 98
changing topologies, 100
discovery, 98-99 


requirements, 101 
troubleshooting, 103 
updates, 101-102 
metrics, 86-87 
multiprotocol routing, 81 
remote access, 116 
ships-in-the-night, 81 
startup, 111, 114-116
logging in, 119 
passwords, 119-121 
static, 82-83 
status of, 125-130 
traceroute, 203 
versions, showing, 127 
WANs (wide-area networks), 12 
X.25, see X.25 

Routing Information Protocol, see
RIP 

routing protocols, routed protocol 
comparisons, 79 
Routing Table Maintenance 
Protocol (RTMP), 290 
routing tables (IPX), 280-281 
Routing Update Protocol (RTP), 442

RPC (Remote Procedure Call), 29 
RTMP (Routing Table 

Maintenance Protocol), 
290-291 

rtmp command, 299 
RTP (Routing Update Protocol), 
442 

runt packets, 51 
RXBoot commands, 118 

S

SABM (set asynchronous balanced 
mode) 

SABME (SABM extended), 379 
X.25, 379 

SAP (Service Advertisement 

Protocol) advertisements, 264 
access lists, 335-337, 341-346 
IPX (Internetwork Packet 
Exchange), 272-273, 
284-285 

SAS (single attachment station), 62 


scalability 

IGRP (Internet Gateway Routing
Protocol), 249 
internetworks, 13 
scripts (setup mode), 168-169 
scrolling (shortcut keys), 123-125 
SDLC (Synchronous Data Link 
Control), 65-67 
security 

access lists, 312 

passwords, 119-121, 140-142 
seed routers (AppleTalk discovery),
302 
segments 

LAN Ethernet, 55 
transport layer (OSI model), 29 
sequence numbers 
Banyan VINES, 442 
TCP (Transmission Control 
Protocol), 191, 197 
Sequenced Packet Exchange (SPX),
264 

serial interfaces, 142 
serial lines, configuring, 145-146 
serial ports (X.25 switches), 394 
server-name parameter (access-list 
command), 344 
servers, 291 

configuration files, loading, 
135-136 

configuring routers, 112 
IPX (Internetwork Packet 
Exchange), 282 

WANs (wide-area networks), 12 
Service Advertisement Protocol, see 
SAP 

service password-encryption 
command, 120, 142 
service providers 
Frame Relay, 404 
WANs (wide-area networks), 
360-364 

services 

AppleTalk, 296-297 
WANs (wide-area networks), 

364 

service-type parameter (access-list 
command), 344 
session layer (OSI model), 16, 

28-29 


set asynchronous balanced mode, 
see SABM 

setup command, 118, 165 
setup mode configurations, 
165-169 

sharing, see networks 
ships-in-the-night routing, 81 
shortcut keys, editing, 123-124 
shortest path first (SPF) algorithms, 
see link-state routing 
show access-lists command, 334, 
346 

show appletalk access-lists 
command, 353 

show appletalk arp command, 305 
show appletalk globals command, 
305 

show appletalk interface 
command, 304-305 
show appletalk route command, 
305 

show appletalk zone command, 
305 

show cdp entry command, 

180-181 

show cdp interface command, 177 
show cdp neighbors command, 
179-180 

show configuration command, 150 
show controllers serial command, 
147 

show decnet interface command, 
440 

show decnet route command, 440 
show decnet traffic command, 440 
show flash command, 159-160 
show frame-relay lmi command, 
409 

show frame-relay map command, 
409 

show frame-relay pvc command, 
409 

show history command, 124 
show hosts command, 225-226 
show interfaces command, 

128-129, 143-144, 146, 374, 
395 

show interfaces serial command, 
144-145, 408 

show ip interface command, 223, 
257, 333-334 


show ip protocols command, 247, 
256 

show ip route command, 247, 
257-258 

show ipx interface command, 
279-280, 346 

show ipx route command, 280-281 
show ipx servers command, 282 
show ipx traffic command, 
282-283 

show protocols command, 130 
show running-config command, 
128, 150, 334 

show startup-config command, 

128, 334 

show version command, 127, 155, 
157 

show x25 map command, 395 
show x25 vc command, 395-396 
shutdown command, 148 
shutting down interfaces, 148 
single attachment station (SAS), 62 
sites (World Wide Web) 

Cisco, 119, 160 
Frame Relay Forum, 400 
TCP/IP information, 188 
size (IP addresses), 208 
SNA (Systems Network 
Architecture), 4-6 
SNAP 

CDP (Cisco Discovery Protocol), 
176 

Ethernet LAN fields, 52 
sockets, 192-193 
software images 

backups, 158-159, 161 
Configuration Register value, 
155-157 

locating, 154-155 
overwriting, 164-165 
setup mode, 165-169 
showing information, 159-160 
startup, 114-115 
upgrading, 162-163 
Source IP Addresses field (IP 
datagrams), 200 
source network (access lists), 
324-325 


source parameter (access-list 
command), 324, 328 
source physical address fields 
(LANs), 51 

source ports (TCP), 191-194 
Source Service Access Point (SSAP), 
52 

source-mask parameter (access-list 
command), 324, 328 
source-network parameter 

(access-list command), 338 
source-node parameter (access-list 
command), 338 
source-node-mask parameter 
(access-list command), 338 
source-socket parameter 

(access-list command), 340 
speeds (Token Ring), 57 
SPF (shortest path first) algorithms, 
see link-state routing 
split horizons 

distance vector routing, 93 
IGRP (Internet Gateway Routing 
Protocol), 251 
RIP IPX, 271 

SPX (Sequenced Packet Exchange), 
6, 264 

SQL (Structured Query Language), 
29 

SSAP (Source Service Access Point), 
52 

standard access lists, 313, 317-318 
IP (Internet Protocol), 324-326 
IPX (Internetwork Packet 
Exchange), 335-336, 
338-340 

standard subnet masks, 217 
standards 

802.3z (Gigabit Ethernet), 55 
Frame Relay, 399 
LANs (local-area networks), 
40-41 

WANs (wide-area networks), 65 
star topologies (Frame Relay), 410 
starting routers, 111, 114-116 
logging in, 119 
passwords, 119-121 
setup mode, 165-166, 169 
system images 
backups, 158-159, 161 
boot system commands, 157-158 
Configuration Register value, 155-157 

locating, 153, 155 
overwriting, 164-165 
upgrading, 162-163 
static routing (IP), 82-83, 237 
configuring, 237-238 
destinations, 235 
statistics (interfaces), 129 
status of routers, 125-130 
storage (system images), 154-155 
Structured Query Language (SQL), 

stub networks, 82, 238 
subinterface mode, 137 
subinterfaces (Frame Relay), 411-412 

configuring, 413-414 
multipoint, 414-415 
point-to-point, 416-417 
subnet masks (IP addresses), 213-221 
subnet zero (IP addresses), 212-213 
subnets, 213 
IP addresses, 214-215 
wildcard masking, 321-322 
Subnetwork Access Protocol, see 
SNAP 

Sun manufacturer identification 
(vendor code), 44 
SVCs (switched virtual circuits) 
Frame Relay, 400 
X.25, 382-385, 389 
switches, 78 

Frame Relay, 400-401, 470-472 
LANs (local-area networks), 10 
WANs (wide-area networks), 12, 
362-364 
X.25, 393-394 
SYN (synchronization) 

TCP (Transmission Control 
Protocol), 194-195 
transport layer connections, 32 


Synchronous Data Link Control 
(SDLC), 65-67 
System Configuration Dialog 
program, 165-167 
system images 
backups, 158-159, 161 
boot system commands, 157-158 
Configuration Register value, 155-157 

locating, 153, 155 
overwriting, 164-165 
setup mode, 165-166, 168-169 
showing information, 159-160 
startup, 115 
upgrading, 162-163 
systems, autonomous, 239-240 
Systems Network Architecture 
(SNA) networks, 4-6 

T 

TA/NT1 (WANs), 363 
TCP (Transmission Control 

Protocol), 190-192, 194-197 
acknowledgments, 195-197 
ISNs (initial sequence numbers), 194 

port numbers, 192-194 
sequence numbers, 197 
SYN (synchronization), 

194-195 

three-way handshakes, 194-195 
window sizes, 195-197 
X.25 switches, 393 
tcp parameter (access-list 
command), 330 
TCP/IP (Transmission Control 
Protocol/Internet Protocol), 6, 
187-189 

access lists, 318-320 
extended, 327-331 
named, 331-332 
placement of, 333 
showing information, 

333-334 

standard, 324-326 
verifying, 333-334 
wildcard masks, 320-323 
application layer, 189-190 
datagrams, 189 


Internet layer, 198 
ARP (Address Resolution 
Protocol), 203 
ICMP (Internet Control 
Message Protocol), 
200-203 

IP datagrams, 199-200 
RARP (Reverse Address 
Resolution Protocol), 203 

IP, see IP 
layers, 14-15 

network layer addresses, 76 
packets, 189 

RFCs (Request for Comments), 189 

transport layer, 190-191 
port numbers, 192-193 
TCP, 190-197 
UDP, 198 

TCP/IP information web site, 188 
tcp-port-number, 224 
TDM (time-division multiplexing), 360 

Telecommunications Industry 
Association (TIA), 41 
Telnet 

extended access lists, 330-331 
IP addresses, verifying, 227 
remote router access, 116 
telnet command, 226 
Term ip command, 223 
term ip netmask-format command, 

terminal history size command, 124 

terminal no editing command, 123 
terminals 

configuring routers, 112 
dumb, 3-4 

remote router access, 116 
X.25, 377 

text formatting (OSI model 
presentation layer), 27 
TFTP servers 

configuration files, loading, 
135-136, 153 
configuring routers, 112 
thick Ethernet (10Base5) wiring, 47 
thin Ethernet (10Base2) wiring, 47 
three-way handshakes 

TCP (Transmission Control 
Protocol), 194-195 
TIA (Telecommunications Industry 
Association), 41 
ticks, 86, 270 
Time To Live, see TTL 
time-division multiplexing, see 
TDM 

timers (CDP), 178 
Token Passing Method, 58-59 
Token Ring, 55-56 
active monitor, 60 
error detection, 60-61 
ETR (early token release), 59 
interfaces, 57 

LANs (local-area networks), 10 
physical layer, 56 
priority system, 59 
speeds, 57 

transmissions, 58-59 
see also FDDI 

tokens (dual ring FDDI), 63-64 
toll networks (WANs), 362 
topologies 

distance vector routing, adapting 
to, 90-91 
Frame Relay 
full-mesh, 410 
partial-mesh, 410 
star, 410 

link-state routing, adapting to, 
100 

network layer, adapting to, 84 
Total Length field (IP datagrams), 
199 

trace command, 226, 229-230 

traceroute, 203, 229 

traffic 

IPX (Internetwork Packet 
Exchange), 282-283 
see also access lists 
transit network, 238 
Transmission Control 

Protocol/Internet Protocol, see 
TCP/IP 

transmissions (LANs) 
collisions, 52-53 
Ethernet, 49 


high speed connections, 53-55 
Token Ring, 
transport layer, 16, 29-30 

acknowledgments, 
connection-oriented sessions, 31-34 
encapsulation, 
multiplexing, 
port numbers, 
retransmissions, 
TCP/IP (Transmission Control 
Protocol/Internet Protocol), 
190-191 
port numbers, 
TCP, 190-197 
UDP (User Datagram Protocol), 
190, 198 

triggered update (distance vector 
routing), 
troubleshooting 
AppleTalk, 

configuration files 

Release »0 0. j ’ 1 

delivery (ICMP tests), 20 -202 
distance vector routing loops, 
91-98 
Frame Relay reachability, 
410-411 
IPX (Internetwork Packet 
Exchange), 281-28^ 
LANs (local-area networks) 
delays, 
transmission collisions, 52-53 
link-state routing, 101-103 
passwords, recovering, 461-465 
routing protocols, 
Token Ring 
active monitor, 
error detection, 60-61 
trunks (WANs), 
TTL (Time To Live), 
CDP (Cisco Discovery Protocol), 
counting to infinity (distance 
vector routing), 97-99 
IP datagrams, 20 


tunnel destination command, 472 
tunnel source serial command, 472 
tunneling (X.25), 377-378 
Type of Service field (IP 
datagrams), 199 


U 

UDP (User Datagram Protocol), 
163, 190, 198 
port numbers, 192-193 
successful transfers, 163 
undeliverable packets (ICMP tests), 
201-203 

unequal-cost load balancing 
(IGRP), 253-254 
updates 

DECnet (Digital Equipment 
Corporation), 434 
distance vector routing, 92-96 
IGRP (Internet Gateway Routing 
Protocol), 250 
link-state routing, 101-102 
RIP (Routing Information 
Protocol), 244, 271 
upgrading software images, 
162-163 

Urgent Pointer field (TCP), 192 
User Datagram Protocol (UDP), 
163 

user EXEC commands, 117 
commands, 121-122 
exec-timeout, 119 
logout, 119 
no exec-timeout, 119 
terminal no editing, 123 
user interface 
accessing, 116 
command modes, 116 
configuration, 119 
Global Configuration, 118 
privileged EXEC, 117 
ROM monitor, 117-118 
RXBoot, 118 
Setup, 118 
user EXEC, 117 
commands, history of used, 
124-125 

enhanced editing mode, 
123-124 
VCs (virtual circuits) 
Frame Relay, 399-402 
SVCs (switched VCs), 383-385 
X.25, 377-378, 382-383 
vendor codes, 43-44 
VERS field (IP datagrams), 199 
versions 
IP addresses, 209 
routers, showing, 127 
software image, 160 
video, formatting, 27 
vines access-list command, 318 
VINES, see Banyan VINES 
virtual addresses, 43 
Virtual Integrated Network 
Service, see Banyan VINES 
virtual terminals 
configuring routers, 112 
passwords, configuring, 141 
VLSM (variable-length subnet 
masking), 250 
VTY passwords, 141 


W 

WANs (wide-area networks), 5, 
10-12, 64-65, 359 
call setup process, 359-360 
clouds, 359 
data link layer, 67-68 
designing, 13 
Frame Relay, 360 
frames, 364-366 
internetworks, 6-7 
global, 7-9 
routing, see routing 
physical layer, 66 
PPP (Point-to-Point Protocol), 
366 

authentication, 369-373 
layers, 367 

LCP (Link Control Protocol), 
368-369 
verifying, 374 


service provider connections, 
360-364 
services, 364 
standards, 65 
TDM, 360 
X.25, 360, 377-379 
addresses, 380-381 
configuring, 385-393 
DCE (data circuit-terminating 
equipment), 379-380 
DTE (data terminal 

equipment), 379-380 
encapsulation, 382 
showing information, 395 
switching, 393-394 
VCs (virtual circuits), 
382-385, 389-390 
wide-area networks, see WANs 
wildcard masks 
IP access lists, 320-323 
standard IPX access lists, 336 
Window field (TCP), 192 
window sizes 

TCP (Transmission Control 
Protocol), 195-197 
X.25 SVCs (switched virtual 
circuits), 384, 391-392 
windowing (OSI model transport 
layer), 33, 36 

wire address (subnets), 219 
wiring LANs, 47-48 
workgroup concentrators (LANs), 
10 

workstations (remote router 
access), 116 

wrapping FDDI (Fiber Distributed 
Data Interface), 64 
write erase command, 151 
write memory command, 153 
write network command, 153 
write terminal command, 128 
WWW (World Wide Web) sites 
Cisco, 119, 160 
Frame Relay Forum, 400 
TCP/IP information, 188 


X 

X.25, 4, 377-379 
addresses, 77, 380-381 
configuring, 385-386, 388-389, 
392-393 
addresses, 387 
encapsulation, 386-387 
map, 387 
size, 390-391 
VCs (virtual circuits), 
389-390 

window parameters, 391-392 
DCE (data circuit-terminating 
equipment), 379-380 
DTE (data terminal equipment), 
379-380 

encapsulation, 382 
showing information, 395 
SVCs (switched VCs), 383-385 
switching, 393-394 
VCs (virtual circuits), 382-383 
WANs (wide-area networks), 
360 

x25 address command, 387, 393 
x25 ips/ops command, 393 
x25 map command, 384, 387 
x25 modulo command, 392 
x25 route command, 394 
x25 win command, 391 
x25 win/wout command, 393 
x25 wout command, 391 
Xerox Network Systems (XNS) 
protocol suite, 264 


Z 

zeros (IP addresses), 212-213 
ZIP (Zone Information Protocol), 
290, 347, 352 

ZIT (Zone Information Table), 297 
zones (AppleTalk), 297, 348 
filtering, 351 
nodes, 295-296 
showing information, 305 